Support

Admin Tools

#15333 PHP File Change Scanner

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Thursday, 07 March 2013 14:28 CST

Thursday, 07 March 2013 07:58 CST

user71798

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (2.5.9)
PHP version: (5.3)
MySQL version: (unknown)
Host: (arvixe)
Admin Tools version: (2.5.2)

Description of my issue:

In the Configuration window there are a number of options.  I have read through the docs and they seem to indicate that php is selected by default.  Perhaps the docs are old because when I scan it shows nothing (Total Files - 0, Modified - 0, Possible Threats - 0 Added - 0, Ne Reports Generated).  I have since added 'php' in the dialog box for 'Files types to be scanned' and it added 3000 files and flagged 110 files as possible threats. If it's never actually scanned anything before I'm not sure how it flagged 110 docs, a majority of which were akkeba components.  This is also a relatively new joomla install that has been running Admin Tools.

The second time I ran the scan it reported 110 files as modified as as a possible threat.

In the Basic Configurations I have - Files types to be scanned - 'php' (I added 'php')

Excluded folder not be to scanned - empty

Excluded files not to be scanned - empty

Min Exe time - 0

Max exe time - 1

runtime bias - 75

Is this the typical configuration or should I add anything else?

I have attached my reports for you to review.

Thank You,

Kurt

 

Thursday, 07 March 2013 08:05 CST

nicholas

Hello Kurt,

this is the typical configuration (although I'd set max exec time to 5 instead of 1). Regarding the meaning on the threat score I have to deffer you to our documentation where I explain this in much more depth.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 07 March 2013 13:04 CST

user71798

I have read through

https://www.akeebabackup.com/documentation/admin-tools/php-file-scanner.html

and understand the scoring.  I guess my questions were, do I need to add 'php' to the configurations because by default it was not there and by default it does not scan php files.  The documentation seems to indicate this is done by default so it confused me as what was the correct procedure.

The other item that is confusing is the report of changed files.  The documentation says

When a file change is detected. A file change is detected only if the file is added or modified since the immediately previous scan. This means that if you scan now, modify a PHP file and scan again, it will show up as modified. If you perform a third scan right after the second one, the file will NOT be reported as changed. This is normal! The file was changed between the first and second scan, but not between the second and third scan.

 

If I am reading this correctly it would indicate that the 110 flagged files would know longer be flagged once I run the scan again because it would be comparing the previous scan but I have run additional scans and those same 110 files still come up as Modified.

 

Thursday, 07 March 2013 14:28 CST

nicholas

1. This has actually been documented in our release notes up to version 2.5.1:

Upgrade information for Professional subscribers

In version 2.5.0 we have made some adjustments to the .htaccess Maker. If you are using this feature on your site we strongly recommend that after the upgrade of Admin Tools you go to Components, Admin Tools, .htaccess Maker and click on Save and Create .htaccess.

As noted in the release notes of version 2.4.3, there have been some changes affecting Professional users upgrading from version 2.4.2 and 2.4.1. If you are one of those users please note that due to a bug in version 2.4.2 and 2.4.1 the PHP File Scanner's settings were not being saved correctly. As a result, trying to run a scan –even after upgrading to the latest version– might not work properly. If this happens please click on the blue Configure button in the PHP File Scanner page and set the following file types to scan (one on each line):

php
phps
php3
php5
inc

Make sure the minimum execution time is set to 1, maximum execution time set to 5 and runtime bias set to 75%. Then click on the Save & Close button. This will allow the PHP File Scanner to work correctly.

2. Files with a non-zero threat score are always reported as modified unless you flag them as safe

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!