• Resolved fercher

    (@fercher)


    Hello,
    I use WordPress 5.8.1 and Ninja Firewall (free) and Ninja Scanner (free).
    Ninja Scanner marks this file as corrupted:
    my_own_path/sicherheit/htninja-google.txt
    Reason: JS.generic.obfuscation.1
    If I edit the file, I see the warning:
    “Suspicious code is highlighted”, but no text is highlighted,
    but the file contains some “critical” activities.
    Thx in advance for your hints.
    Josef

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    If you edited the file, you would need to run another scan.
    The “JS.generic.obfuscation.1” signature looks for JS code such as String.fromCharCode. Do you see that in the file?

    Thread Starter fercher

    (@fercher)

    Yes, I see it in some lines, for example:
    29/Jun/19 12:52:25 #6615384 CRITICAL 115 35.197.206.142 POST /index.php – Cross-site scripting – [POST:wp-piwik = manually <script async=true type=text/javascript language=javascript>var nt = String.fromCharCode(98, 122);var mb = String.fromCharCode(97, 106, 97, 120, 67, 111, 117, 110, 116, 101,…] – netzjahre.com

    Such lines were listed before and after another scan, too.

    Thread Starter fercher

    (@fercher)

    “String.fromCharCode(97, 106, 97, 120, 67, 111, 117,”
    is highlighted as suspicious in the new scan.

    Plugin Author nintechnet

    (@nintechnet)

    It is definitely a hacking attempt. Someone’s trying to inject rogue JS code.

    Anonymous User 17880307

    (@anonymized-17880307)

    @nintechnet I think there is no real hacking attempt here since a static file is the culprit.

    See https://netzjahre.com/sicherheit/htninja-google.txt

    @fercher maybe you forgot that this old static file is there. You can safely ignore it.

    Plugin Author nintechnet

    (@nintechnet)

    Yes, it’s an old NinjaFirewall log; it’s harmless and can be deleted.

  • The topic ‘Ninja Scanner and Ninja Firewall’ is closed to new replies.
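
A triage sketch for the situation in this thread, added here as an example and not code from NinjaFirewall, NinjaScanner or any poster: it checks whether each `String.fromCharCode` hit in a flagged file sits inside a firewall log entry (a recorded request, not live script) and decodes the character codes for the analyst. The log-entry pattern is an assumption inferred from the single line quoted above, and the names `LOG_ENTRY`, `decode_char_codes` and `triage` are hypothetical.

```python
import re

# Assumption: log-entry shape inferred from the single line quoted in the thread,
# not from NinjaFirewall documentation.
LOG_ENTRY = re.compile(
    r"^\s*\d{2}/[A-Za-z]{3}/\d{2} \d{2}:\d{2}:\d{2} #\d+ "
    r"[A-Z]+ +\S+ +(?P<ip>\S+) +(?P<method>[A-Z]+) +(?P<path>\S+)"
)
# What the thread says the signature looks for; capture the numeric arguments.
FROM_CHAR_CODE = re.compile(r"String\.fromCharCode\(([\d,\s]*)")


def decode_char_codes(args):
    """Decode one call's integer list; a log-truncated last number may be wrong."""
    return "".join(chr(int(n) & 0xFFFF) for n in re.findall(r"\d+", args))


def triage(text):
    """Label each String.fromCharCode hit as logged request data or not."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        calls = FROM_CHAR_CODE.findall(line)
        if not calls:
            continue
        entry = LOG_ENTRY.match(line)
        hits.append({
            "line": lineno,
            "kind": "firewall-log-entry" if entry else "needs-review",
            "source_ip": entry.group("ip") if entry else None,
            "decoded": [decode_char_codes(c) for c in calls],
        })
    return hits


# Line 1 is the entry quoted in the thread; line 2 is constructed for contrast.
SAMPLE = (
    "29/Jun/19 12:52:25 #6615384 CRITICAL 115 35.197.206.142 POST /index.php "
    "– Cross-site scripting – [POST:wp-piwik = manually <script async=true "
    "type=text/javascript language=javascript>var nt = String.fromCharCode(98, 122);"
    "var mb = String.fromCharCode(97, 106, 97, 120, 67, 111, 117, 110, 116, 101,…] "
    "– netzjahre.com\n"
    "<script>document.title = String.fromCharCode(72, 105);</script>\n"
)

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A hit labelled `needs-review` only means the line does not look like a log entry; it still has to be read in context before the file is cleared.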