PHP File Scanner: Running a scan
Performing a scan is fairly simple. Just go to your site's backend,
, and click on . On that page, simply click on to initiate the scan. A modal dialog is displayed.The scan process is split in many steps in order to avoid server timeouts. Take a look at the Last server response label. It tells you for how long the current step is running. If this figure goes over 120 seconds, you can be sure that the scan is stuck. In case the scan is stuck or throws an error, please read the "How does it work?" section.
Please note that the first time you run this feature, all scanned PHP files will be reported as New. This is normal. Since there was no previous scan, all PHP files are new as far as Admin Tools is concerned. A side-effect of this behaviour is that all PHP files go through the "Threat score" determination engine which will typically result in a list of 30-100 files you should check. In other words, even if you run this feature for the first time after a site is hacked, it will narrow down the list of files you should check.
PHP File Scanner: Managing scans
The main page of the PHP File Change Scanner feature gives you an overview of the scan operations. From left to right, you see the following columns on each row:
A checkbox which is used to select the row(s) you want to delete, by pressing the button on the toolbar.
Scan date is the date and time this scan was performed. The date and time are shown in GMT (UTC) timezone.
Total files is the total number of PHP files which Admin Tools scanned.
Modified is the total number of PHP files which Admin Tools detected that are modified since the last scan.
Note | |
---|---|
Before Admin Tools 7.6.0 this count also included the files which were not modified, but have a threat score greater than 0 and were not marked by you as safe. |
Possible threats is the total number of PHP files (regardless of whether they are new, modified, or neither) which have a non-zero threat score and have not been marked as safe.
Added is the total number of PHP files which were added since the last scan.
Actions & Reports contains a link titled View Report when modified or added files are detected on your site.
The scan ID (a number) is a monotonically increasing number, i.e. each new scan has an ID which is equal to the previous scan's ID plus one.