Security Scan Tool, site is compromised with injec...

samwhitney1993 · ‎04-05-2018

The Magento stores we have setup on the security scan tool have all been flagged as site is compromised with injected JavaScript, however when we view the source files it lists as being infected they haven't been updated since original Magento installation and they match up to newly downloaded versions of the same files. As they have all been flagged on the latest scan for all the same files that have not been edited it seems like a false positive.

Any ideas what it is that they think is evidence of a compromise? Or how to stop it being shown as a compromise?

The following files are common across different magento stores as being compromised:

/js/prototype/prototype.js
/js/prototype/validation.js
/js/scriptaculous/controls.js

Thankyou in advance for any help/advice you can provide.

Damian Culotta · ‎04-08-2018

Hi @samwhitney1993,

Which version of Magento are you using?

samwhitney1993 · ‎04-09-2018

Hi @Damian Culotta

Thankyou for getting back to me, the error does seems to have fixed itself as this is no longer flagging on any of the stores we have setup on the security tool.

The error was showing across several versions: 1.7.0.2, 1.8.1 and 1.9.2.1. All of which had up to date patches installed.

Damian Culotta · ‎04-09-2018

Hi @samwhitney1993,

I've saw a similar message in a scan result of a store with all the patches (so I can't explain the result)

Maybe @sherrie can point us in the right direction. I'm not sure where or who we can ask or comment this kind of issues with the Security Scan.

msavich · ‎04-10-2018

Confirmed the false positive.

The issue is fixed now.

Please re-run the scan.

msavich · ‎04-10-2018

Feel free to contact Magento Security Team regarding the security scan tool over support team or directly at security@magento.com

To report a proven security vulnerability please submit it over BugCrowd project: https://bugcrowd.com/magento

Best regards,

Damian Culotta · ‎04-10-2018

Thank you @msavich!

fieldcutter · ‎04-22-2018

Seems to be happening on Magento 2.2.3, so not fixed

We are getting "Your site is compromised with injected JavaScript. (68)" ........

Have scanned using lots of other tools including magereport.com and run malware scans directly on the files system, and dumped page source code, all report zero problems

Only the Magento Security Scan Tool reports this

msavich · ‎05-10-2018

Please re-check. It should be fixed now.

Sergio Alfaro · ‎05-20-2018

Hello.

We received this message with last week scan:

Your site is compromised with injected JavaScript. (131)
The malicious code signature(s) has been found on the page.

v1.7.0.2

All security patchs up to date

Runned many malware / antivir tools, in own server and online tools. None of them found anything wrong.

Can be again false positive?

thanks.

Security Scan Tool, site is compromised with injected JavaScript false positive?

Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?

Re: Security Scan Tool, site is compromised with injected JavaScript false positive?