Closed jaygilmore closed 6 years ago
FYI, I found this Magento scanner and it seems to have some nice rules. Not sure if there's anything you could use. https://github.com/gwillem/magento-malware-scanner/tree/master/rules
At first look we have a way bigger rule list than the Magento malware scanner, but I will take a deeper look.
Patterns pushed, you can test it now.
The following files are commonly located in assets/images in compromised MODX CMS Revolution sites that were exploited using a vulnerability in versions below 2.2.15:
https://gist.github.com/jaygilmore/d6a6c1ae03420698cad1ea3135b38dd4
https://gist.github.com/jaygilmore/60410fdb1e37006786712379d9020de6
https://gist.github.com/jaygilmore/27b8c8037ad2120343a360ff68596ae8 (sorry, this one, wp-post.php, was found by the scanner).
All are different. The accesson.php one is the most commonly found file among hacked MODX sites.