cancel
Showing results for 
Search instead for 
Did you mean: 

Magento security scan false reading, anyway to contact Magento?

Magento security scan false reading, anyway to contact Magento?

I signed up for the Magento security scan. For my second scan I received- Your site is compromised with injected JavaScript
The malicious code signature(s) has been found in resources:

 

After some research the code is backbone.js-  https://github.com/jashkenas/backbone/blob/0.9.2/backbone-min.js the code has not been changed at all. Maybe it is a little older version which is why it was flagged but there is no malicious code. I wanted to give feedback on the scanner but couldn't see where.

5 REPLIES 5

Re: Magento security scan false reading, anyway to contact Magento?

How did you find out that was backbone? Did magento specifically show backbone-min.js in its report?

Re: Magento security scan false reading, anyway to contact Magento?

Yes it did.

Re: Magento security scan false reading, anyway to contact Magento?

Then I would trust Magento experts on it. How much you depend on that script? Try find an alternative.

You could let Magento know though.

Re: Magento security scan false reading, anyway to contact Magento?

It is backbone.js which is pretty common but it comes from an extension. I
don't want to update unless I know it works.

I am trying to figure out how to let Magento know.

Re: Magento security scan false reading, anyway to contact Magento?

They might be tough to get a hold of. 

Try contacting Sherrie https://community.magento.com/t5/user/viewprofilepage/user-id/7 She is a Community Manager. She responds fast and might be able to introduce you to security scan support team.