Magento Security Tool False Positive? prototype.js identified as compromise injection The Next CEO of Stack OverflowMagento Security Scan not able to verify siteMagento Security Scan : some of results are UNKNOWNMagento Security Scanner does not detect SUPEE-8788Magento 2 : Security Check Can Not be Verified!Having issue with Magento 2 security scan. Magento Compromise InjectionGetting errors in Magento 1.9.3 SECURITY SCAN - Total four error critical errorSecurity Scan returning an empty reportSecurity Scan supee-10415 false positive?Is there something mad going on with Magento critical vulnerability scanner
Should I tutor a student who I know has cheated on their homework?
Anatomically Correct Strange Women In Ponds Distributing Swords
Why didn't Khan get resurrected in the Genesis Explosion?
Sending manuscript to multiple publishers
Is it ever safe to open a suspicious html file (e.g. email attachment)?
Is micro rebar a better way to reinforce concrete than rebar?
How did the Bene Gesserit know how to make a Kwisatz Haderach?
I believe this to be a fraud - hired, then asked to cash check and send cash as Bitcoin
What connection does MS Office have to Netscape Navigator?
Is it professional to write unrelated content in an almost-empty email?
Is it possible to search for a directory/file combination?
What is the result of assigning to std::vector<T>::begin()?
Are there any limitations on attacking while grappling?
What flight has the highest ratio of time difference to flight time?
Real integral using residue theorem - why doesn't this work?
Solidity! Invalid implicit conversion from string memory to bytes memory requested
Received an invoice from my ex-employer billing me for training; how to handle?
Several mode to write the symbol of a vector
If Nick Fury and Coulson already knew about aliens (Kree and Skrull) why did they wait until Thor's appearance to start making weapons?
sp_blitzCache results Memory grants
How do I reset passwords on multiple websites easily?
Can we say or write : "No, it'sn't"?
How long to clear the 'suck zone' of a turbofan after start is initiated?
Can I equip Skullclamp on a creature I am sacrificing?
Magento Security Tool False Positive? prototype.js identified as compromise injection
The Next CEO of Stack OverflowMagento Security Scan not able to verify siteMagento Security Scan : some of results are UNKNOWNMagento Security Scanner does not detect SUPEE-8788Magento 2 : Security Check Can Not be Verified!Having issue with Magento 2 security scan. Magento Compromise InjectionGetting errors in Magento 1.9.3 SECURITY SCAN - Total four error critical errorSecurity Scan returning an empty reportSecurity Scan supee-10415 false positive?Is there something mad going on with Magento critical vulnerability scanner
Is anyone else having issues with Magento Security Tool Scanner?
https://account.magento.com/scanner/
Your site is compromised with injected JavaScript. (79)
The malicious code signature(s) has been found in resources:
/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js
I am getting this scan failure on 12 different magento sites so it must be a false positive. Yesterday all sites were passing the scanner. Today they all say they are compromised injected with malware.
All warnings on all sites are pointing to prototype.js
security-scan-tool
add a comment |
Is anyone else having issues with Magento Security Tool Scanner?
https://account.magento.com/scanner/
Your site is compromised with injected JavaScript. (79)
The malicious code signature(s) has been found in resources:
/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js
I am getting this scan failure on 12 different magento sites so it must be a false positive. Yesterday all sites were passing the scanner. Today they all say they are compromised injected with malware.
All warnings on all sites are pointing to prototype.js
security-scan-tool
Having the same issue.
– chirag
Apr 16 '18 at 14:29
add a comment |
Is anyone else having issues with Magento Security Tool Scanner?
https://account.magento.com/scanner/
Your site is compromised with injected JavaScript. (79)
The malicious code signature(s) has been found in resources:
/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js
I am getting this scan failure on 12 different magento sites so it must be a false positive. Yesterday all sites were passing the scanner. Today they all say they are compromised injected with malware.
All warnings on all sites are pointing to prototype.js
security-scan-tool
Is anyone else having issues with Magento Security Tool Scanner?
https://account.magento.com/scanner/
Your site is compromised with injected JavaScript. (79)
The malicious code signature(s) has been found in resources:
/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js
I am getting this scan failure on 12 different magento sites so it must be a false positive. Yesterday all sites were passing the scanner. Today they all say they are compromised injected with malware.
All warnings on all sites are pointing to prototype.js
security-scan-tool
security-scan-tool
edited 42 mins ago
Teja Bhagavan Kollepara
3,01241949
3,01241949
asked Apr 3 '18 at 14:31
mpersingermpersinger
111
111
Having the same issue.
– chirag
Apr 16 '18 at 14:29
add a comment |
Having the same issue.
– chirag
Apr 16 '18 at 14:29
Having the same issue.
– chirag
Apr 16 '18 at 14:29
Having the same issue.
– chirag
Apr 16 '18 at 14:29
add a comment |
1 Answer
1
active
oldest
votes
Run head against the files and tail and see if you have any base64 etc at the top or bottom. Don’t just edit in nano or something. It might be a false positive but most likely will be revealed by head command or tail.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "479"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f220901%2fmagento-security-tool-false-positive-prototype-js-identified-as-compromise-inje%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Run head against the files and tail and see if you have any base64 etc at the top or bottom. Don’t just edit in nano or something. It might be a false positive but most likely will be revealed by head command or tail.
add a comment |
Run head against the files and tail and see if you have any base64 etc at the top or bottom. Don’t just edit in nano or something. It might be a false positive but most likely will be revealed by head command or tail.
add a comment |
Run head against the files and tail and see if you have any base64 etc at the top or bottom. Don’t just edit in nano or something. It might be a false positive but most likely will be revealed by head command or tail.
Run head against the files and tail and see if you have any base64 etc at the top or bottom. Don’t just edit in nano or something. It might be a false positive but most likely will be revealed by head command or tail.
answered Apr 3 '18 at 20:04
Timothy FrewTimothy Frew
31929
31929
add a comment |
add a comment |
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f220901%2fmagento-security-tool-false-positive-prototype-js-identified-as-compromise-inje%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Having the same issue.
– chirag
Apr 16 '18 at 14:29