after our latest update batch (19/02/2018) on few websites we maintain, I noticed that all of the sudden the threat score has changed.
Until this version of Admin Tools, now updated to 5.0.1, we didn't have a threat score bigger than 10, only when installing Admin tools and running PHP Scanner for the first time.
What I find even more interesting is that the new threat score system is indicating a lot of your PHP files with the score 50 and bigger.
- administrator/components/com_admintools/engine/Util/Encrypt.php score 50
- administrator/components/com_akeeba/BackupEngine/Util/Encrypt.php score 50
- libraries/vendor/simplepie/simplepie/library/SimplePie.php score 100
- administrator/components/com_akeeba/restore.php score 100
- administrator/components/com_akeeba/BackupEngine/Archiver/Jps.php score 250
- libraries/vendor/simplepie/simplepie/library/SimplePie/Misc.php score 300
Of course, there are other PHP files with threat scores up to 600. All are marked as modified or suspicious. Modified, yes, because it was updated today. That is clear.
OK, so you said a file marked as suspicious is a file that already existed during the previous scan, has not been modified and has a non-zero Threat Score. The thing is when I try to search for a specific 'suspicious' or 'modified' file I can not find it in previous reports.
For example the file libraries/tcpdf/html_entity_decode_php4.php was today marked as suspicious with a Threat score 200 on all sites we maintain.
Or, the file administrator/components/com_akeeba/BackupEngine/Archiver/Jps.php is marked as modified with a Threat score 250.
So, yeah, hmh is the best phrase of the question that's spinning in my mind now.
Paraphrased in words: Can you please tell me what has changed and what should I keep in mind when reading the reports now.
Please note: we have cronjobs setup on all sites to fire the PHP scanner once every 24 h. So yes, I check the reports whenever I see that the emails indicate some changes are made to the websites.
Tnx for your time,
|Joomla! version (in x.y.z format)||3.8.5|
|PHP version (in x.y.z format)||from 5.6.31-pl0-gentoo to 7.0.27-he.0|
|Admin Tools version (x.y.z format)||5.0.1|