
[Suggestion] Malware scan results for PHP based shares

Discussion in 'Forum Suggestions & Feedback' started by Conor, Oct 6, 2013.

  1. Conor

    It's all very well posting a VT scan for a WP theme or plugin or any other sort of PHP file we share, but VirusTotal won't pick up any malware in PHP scripts. Your PC won't get hacked, but your website might.

    My suggestion: mandatory scan results from some sort of malware scanner, like this one: http://wordpress.org/plugins/sucuri-scanner/ instead of, or including a VT scan.

    It's just the first scanner I could find in Google, perhaps someone else has a more global solution that doesn't require WP.
     
  2. Asif WILSON Khan

    I am not sure there is an online scanner like VT.

    Normally most of the scanners are for scanning local files or the online resources require you to provide ownership of the site.
    The alternative is to set up local test servers on which you can host the scanners and test the scripts.

    The following resources might help:
    http://urlquery.net/
    http://projects.webappsec.org/w/page/13246988/Web-Application-Security-Scanner-List
    https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
    http://en.wikipedia.org/wiki/Web_Application_Security_Scanner
    http://en.wikipedia.org/wiki/Web_application_security_scanner
     
  3. BadyBoySEO

    Theme Authenticity Checker, if you ever download a WordPress theme from somewhere. It will catch the majority of PHP exploits and hidden scripts. You shouldn't really be messing with PHP scripts that aren't from a safe source unless you know what you are doing. Though I agree there should be some solution or guide for forum users.
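
Added example (not part of the thread and not any poster's code): a local heuristic triage of an unpacked theme or plugin directory for the kind of hidden PHP code discussed above, run before the files go anywhere near a live site. The rule names, patterns and sample strings are assumptions constructed for illustration, not the rule set of any scanner named in the thread.

```python
import re
import sys
from pathlib import Path

PHP_EXT = {".php", ".phtml", ".inc"}

# Heuristic rules chosen for this example (an assumption, not the rule set of
# Sucuri, Theme Authenticity Checker or any other scanner named in the thread).
RULES = {
    # eval()/assert() fed directly from a decoder: typical of hidden payloads
    "eval-of-decoded-data": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # code or command execution driven by request parameters
    "request-driven-exec": re.compile(
        r"\b(?:eval|assert|system|exec|passthru|shell_exec)\s*\([^;]{0,80}\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
    # preg_replace() with the /e modifier evaluates the replacement as PHP
    "preg-replace-e-modifier": re.compile(
        r"preg_replace\s*\(\s*(['\"])(.)(?:(?!\2).)*\2[a-z]*e[a-z]*\1", re.I),
    # very long base64-looking string literal, often an embedded encoded payload
    "long-encoded-blob": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

# Constructed sample inputs; the encoded string decodes to a harmless "echo 1;".
SAMPLE_SUSPICIOUS = '<?php\n$x = 1;\neval(base64_decode("ZWNobyAxOw=="));\n'
SAMPLE_BENIGN = "<?php\n$t = preg_replace('/\\s+/i', ' ', $title);\necho $t;\n"

def scan_text(source):
    """Return (line_number, rule_name) pairs; matching is per line, so a
    construct split across several lines will be missed."""
    return [(n, name)
            for n, line in enumerate(source.splitlines(), 1)
            for name, rx in RULES.items() if rx.search(line)]

def scan_tree(root):
    """Scan every PHP-like file under root; return {path: findings} for hits."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_EXT:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

if __name__ == "__main__":
    for fname, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for lineno, rule in hits:
            print(f"{fname}:{lineno}: {rule}")
```

A hit is a prompt for manual review rather than a verdict: legitimate plugins sometimes use these constructs, and a clean result does not show the code is safe.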