Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Magento security scan false reading, anyway to contact Magento?

‎11-08-2017 09:23 AM
‎11-08-2017 09:23 AM

Magento security scan false reading, anyway to contact Magento?

I signed up for the Magento security scan. For my second scan I received- Your site is compromised with injected JavaScript
The malicious code signature(s) has been found in resources:

 

After some research the code is backbone.js-  https://github.com/jashkenas/backbone/blob/0.9.2/backbone-min.js the code has not been changed at all. Maybe it is a little older version which is why it was flagged but there is no malicious code. I wanted to give feedback on the scanner but couldn't see where.

Labels:
0 Kudos
Reply
5 REPLIES 5
‎11-08-2017 10:22 AM
‎11-08-2017 10:22 AM

Re: Magento security scan false reading, anyway to contact Magento?

How did you find out that was backbone? Did magento specifically show backbone-min.js in its report?

Hire a Certified Magento Developer in USA | Magento Optimization Service
0 Kudos
Reply
‎11-08-2017 10:38 AM
‎11-08-2017 10:38 AM

Re: Magento security scan false reading, anyway to contact Magento?

Yes it did.
0 Kudos
Reply
‎11-08-2017 10:49 AM
‎11-08-2017 10:49 AM

Re: Magento security scan false reading, anyway to contact Magento?

Then I would trust Magento experts on it. How much you depend on that script? Try find an alternative.

You could let Magento know though.

Hire a Certified Magento Developer in USA | Magento Optimization Service
0 Kudos
Reply
‎11-08-2017 10:55 AM
‎11-08-2017 10:55 AM

Re: Magento security scan false reading, anyway to contact Magento?

It is backbone.js which is pretty common but it comes from an extension. I
don't want to update unless I know it works.

I am trying to figure out how to let Magento know.
0 Kudos
Reply
‎11-08-2017 11:07 AM
‎11-08-2017 11:07 AM

Re: Magento security scan false reading, anyway to contact Magento?

They might be tough to get a hold of. 

Try contacting Sherrie https://community.magento.com/t5/user/viewprofilepage/user-id/7 She is a Community Manager. She responds fast and might be able to introduce you to security scan support team.

Hire a Certified Magento Developer in USA | Magento Optimization Service
0 Kudos
Reply