Support

Admin Tools

#23476 PHP Scanner - Changed Files

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Saturday, 14 November 2015 17:20 CST

bdachterman
 Is there a "Changed File" document which can help assure us of authorized changes to Admin Tools files? PHP Scanner is showing a threat of 10 for changes made to com_admintools/models/adminpw.php and it would be assuring to know you made those changes.

nicholas
Akeeba Staff
Manager
Hello Bruce,

Unfortunately we can't produce one, not because it's technically impossible (it's actually easy) but because "changed files" only make sense between two versions. So the question becomes: between which two versions?

However we came up with an even better solution! Admin Tools actually checks the integrity of its own files every time you visit its main page (Components, Admin Tools). Wait for 5-10 seconds. If the integrity of the files is compromised it shows a Big, Scary, Red Error Box. No error box = all good. The file check has two dimensions: fast and slow check. In the fast check only the file size is checked. In the slow check we check the contents of each file and ensure that it's intact by calculating both the MD5 and SHA1 signature of the contents. Both the fast and slow checks run every time you access the Admin Tools backend.

If in doubt here's the easy way to check that Admin Tools is not compromised:
  1. Download and extract the latest ZIP file of Admin Tools from our site
  2. Take the backend/fileslist.php file and copy it to your site's administrator/components/com_admintools directory by SFTP
  3. Normally the file should be identical to the one on your site. If it's not, you're probably hacked.
  4. Now visit Components, Admin Tools. If there's no error message after 10 seconds you're safe.
  5. Now run PHP File Scanner and mark as safe all changes to files under administrator/components/com_admintools, components/com_admintools, media/com_admintools and plugins/system/admintools.


Steps 1 to 3 can be skipped if you just installed the update and you're not feeling absolutely paranoid.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!