Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: We've found x malware scripts inside your files.

We've found x malware scripts inside your files. 6 years 11 months ago #36718

  • rob.valk
I have updated the RSFirewall component to V2.11.7.
When I run a System Check now, I get a lot of (possible) Malware Alerts, like: Suspicious filename found. Files with a dot in front of them are usually hidden by the operating system (.csslintrc) and (.DS_Store).
With the last ones (the .DS_Store alerts), the modification dates ("The file has been modified donderdag 23 juni 2016") are old: June 2016. I never had these Alerts before.
Is the Malware Scanner of RSFirewall upgraded so it is now also detecting these kinds of issues, or do I have a real Security problem? Can someone please advise?
Best regards, Rob
The administrator has disabled public write access.

We've found x malware scripts inside your files. 6 years 11 months ago #36729

  • rob.valk
I got an answer via the support ticket:
The malware database has been updated to detect hidden files. On *nix hosting servers, any file with a dot in front is automatically hidden. Hackers use this to their advantage - to hide files. Of course, there are legitimate use cases (for example the famous .htaccess file).
Now, .DS_Store is a file created by the Apple operating system. Don't know what it's doing on your website but it should probably be removed as it has no functionality. .csslintrc seems fine as well - if in doubt, google the filename.

As long as the same files are present in the source code of the software or extensions, I think it is safe just to ignore them. Hope other people are helped also with this answer. Thanks RSJoomla!

We've found x malware scripts inside your files. 6 years 11 months ago #36730

  • steve62
hi i'm a user too. i had the same thing with the .7 upgrade.. it detects more things on system check

it lists anything with a dot in front, it's a pain i think..

in my case there were 100 or so '.' image names created by a now not used image resizing thing, so i just deleted the images.

you'll have to assess for instance whether .DS_Store is a hack, or belongs to a proper site function somewhere.

also i seem to recall, .7 detects 2 files in the rsf fileset itself as dodgy, when they aren't.

obviously once you look at the files you can click them out of the checklist for the future.

We've found x malware scripts inside your files. 6 years 11 months ago #36752

  • admin484
So I have to delete the .DS_Store files?
Why is it that they are showing up as malware inside the adagency component?

Not being critical at all just asking for my information

We've found x malware scripts inside your files. 6 years 11 months ago #36754

  • rob.valk
The malware database of RSFirewall component V2.11.7 has been updated to detect hidden files. On *nix hosting servers, any file with a dot in front is automatically hidden. Hackers use this to their advantage - to hide files. Of course, there are legitimate use cases (for example the famous .htaccess file).

So first check if those files exist in the source code of your component/module/plugin. When they are an integral part of the Extension, they are not Malware and you can accept them.
When they are not a part of the Extension Files, you should investigate but you can probably remove them safely.

In my case the .DS files were part of the source code of the extension and needed for a good working order.
The administrator has disabled public write access.
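
The check described in the post above (compare each flagged hidden file with the extension's original package) can be scripted. This is an added example, not part of the thread and not RSFirewall code; `installed_dir` and `package_dir` are assumed to be the installed extension folder and an unpacked copy of the vendor package, and the files in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def hidden_files(root):
    """Yield root-relative paths of files whose name starts with a dot."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.startswith("."):
                yield (Path(dirpath) / name).relative_to(root)

def triage(installed_dir, package_dir):
    """Classify each hidden file in installed_dir against the pristine package."""
    report = {}
    for rel in hidden_files(installed_dir):
        original = Path(package_dir) / rel
        if not original.is_file():
            verdict = "not-in-package"    # not shipped by the vendor: investigate
        elif sha256(original) != sha256(Path(installed_dir) / rel):
            verdict = "modified"          # shipped, but content differs: investigate
        else:
            verdict = "matches-package"   # identical to the vendor copy: can be accepted
        report[rel.as_posix()] = verdict
    return report

def demo():
    """Build a constructed package/site pair in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg, site = Path(tmp, "package"), Path(tmp, "site")
        layout = {  # relative path: (packaged content or None, installed content)
            ".csslintrc": (b"{}", b"{}"),
            "media/.DS_Store": (b"\x00Bud1", b"\x00Bud1"),
            "assets/.htaccess": (b"Deny from all\n", b"# changed\n"),
            "images/.thumb.php": (None, b"<?php // constructed sample ?>"),
        }
        for rel, (packaged, installed) in layout.items():
            for base, data in ((pkg, packaged), (site, installed)):
                if data is not None:
                    (base / rel).parent.mkdir(parents=True, exist_ok=True)
                    (base / rel).write_bytes(data)
        return triage(site, pkg)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

Only files reported as `matches-package` are byte-identical to what the vendor shipped; the other two verdicts are the ones to look at by hand.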