Welcome to the LimeSurvey Community Forum

Malware found in conditionsaction.php

3 years 10 months ago #199936 by Dollys
Hi,

My LimeSurvey is self-hosted and my host found malware Generic:PHP/Backdoor.A in the file application/controllers/admin/conditionsaction.php
I downloaded this file from the website www.limesurvey.org/lts-releases-download
CE release 3.22.14 and 3.22.16 are the same files: conditionsaction.php
This error is in the original downloaded files from both versions.

Does someone know why this file is recognized as Malware? Is this file Malware?
How can I solve this problem?

Regards, Dollys
The topic has been locked.
3 years 10 months ago #199940 by DenisChenu
Replied by DenisChenu on topic Malware found in conditionsaction.php
Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

I don't think it's malware … except if yours is different …

False positive : see with your host the tool they used.

Assistance on the LimeSurvey forum and LimeSurvey core development are done in my free time.
I'm not a LimeSurvey GmbH member; professional service on demand, plugin development.
I don't answer private messages.
3 years 10 months ago #199944 by Dollys
Replied by Dollys on topic Malware found in conditionsaction.php
Thank you!
A lot is different between the 2 files. I have replaced it and requested a new security scan by the host.
I'll let you hear the result, it can take a few hours.
3 years 10 months ago - 3 years 10 months ago #199948 by jelo
Replied by jelo on topic Malware found in conditionsaction.php

DenisChenu wrote: Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

The GitHub file should be different, because you linked to the master, not the LTS.
github.com/LimeSurvey/LimeSurvey/blob/3....conditionsaction.php


The LTS-repository file and the file in the download file are 100% identical. So no simple modification or replacement by an unknown party.

Dollys wrote: my host found malware Generic:PHP/Backdoor.A in the file application/controllers/admin/conditionsaction.php


With "my host" you mean your provider? You got an email with the info that conditionsaction.php was classified as "Generic:PHP/Backdoor.A"?

Would be interesting to know what tool/signature database was used. Currently it looks like a false positive as Denis already stated.

The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
Last edit: 3 years 10 months ago by jelo.
The following user(s) said Thank You: DenisChenu
3 years 10 months ago #199953 by Dollys
Replied by Dollys on topic Malware found in conditionsaction.php
Thank you for the reply.

Yes, by host I meant provider.

The file from GitHub master was also marked as malware.
I replaced the file with the new one and asked for a new scan.

It's found with www.patchman.co/
Do you know this tool?
3 years 10 months ago #199956 by jelo
Replied by jelo on topic Malware found in conditionsaction.php

Dollys wrote: I replace the new file and asked for a new scan.

The file you downloaded from GitHub is not the LTS version but the master version. So it is quite normal that there are differences. I recommend reverting that replacement.

Thanks for providing infos about the scantool. I haven't used it.

3 years 10 months ago #199957 by DenisChenu
Replied by DenisChenu on topic Malware found in conditionsaction.php

jelo wrote:

DenisChenu wrote: Since you can look at code : github.com/LimeSurvey/LimeSurvey/blob/ma...conditionsaction.php

The GitHub file should be different, because you linked to the master, not the LTS.
github.com/LimeSurvey/LimeSurvey/blob/3....conditionsaction.php

Totally right !

jelo wrote: The LTS-repository file and the file in the download file are 100% identical. So no simple modification or replacement by an unknown party.

Thanks :)

3 years 10 months ago #199962 by Dollys
Replied by Dollys on topic Malware found in conditionsaction.php
I replaced the file with the LTS one, and this file, too, after a check by Patchman, results in: "malware Generic:PHP/Backdoor.A"
3 years 10 months ago #199982 by Dollys
Replied by Dollys on topic Malware found in conditionsaction.php
The provider asked the makers of Patchman for the file.
I'm waiting for it and let you know.
3 years 10 months ago #200051 by Dollys
Replied by Dollys on topic Malware found in conditionsaction.php
It's a false positive detection.
The makers of Patchman said so and added this to Patchman so it never happens again.
Thank you for the support!
Regards
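
Editor's added example (not part of any post in this thread, and not LimeSurvey or Patchman code): the check jelo describes, comparing a flagged file with the copy in the official release, generalized to the whole install tree so that a scanner hit can be triaged as "identical to upstream" or "changed on disk". The function names, the `limesurvey/` archive prefix and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare_to_release(install_dir, release_zip, strip_prefix=""):
    """Diff an install against a release zip; strip_prefix is the zip's top folder (assumed)."""
    root = Path(install_dir)
    report = {"modified": [], "missing": [], "extra_php": []}
    shipped = {}
    with zipfile.ZipFile(release_zip) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(strip_prefix):
                continue
            shipped[info.filename[len(strip_prefix):]] = sha256(zf.read(info))
    for rel, digest in sorted(shipped.items()):
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256(path.read_bytes()) != digest:
            report["modified"].append(rel)
    # PHP files on disk that the release never shipped deserve a manual look.
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if rel not in shipped:
            report["extra_php"].append(rel)
    return report

def demo():
    """Constructed sample: a tiny fake release and an install with one edit."""
    target = "application/controllers/admin/conditionsaction.php"
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        archive = tmp / "release.zip"
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("limesurvey/" + target, "<?php // shipped\n")
            zf.writestr("limesurvey/index.php", "<?php // index\n")
        site = tmp / "site"
        (site / Path(target).parent).mkdir(parents=True)
        (site / target).write_bytes(b"<?php // shipped\n")
        (site / "index.php").write_bytes(b"<?php // edited\n")
        (site / "upload.php").write_bytes(b"<?php // not in release\n")
        return compare_to_release(site, archive, "limesurvey/")

if __name__ == "__main__":
    print(demo())
```

A flagged file that does not appear under `modified` matches the release byte for byte, which points toward a scanner false positive; the comparison must use the archive of the same version and branch that is installed, since master and LTS files legitimately differ.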