ycfkurl reported

ycfkurl reported

by Timothy Bolton Milhas -
Number of replies: 2

Running a security check on my site resulted in a ycfkurl spam link. This related to two files (essentially the same file in two places)

  • user/tests/externallib_test.php
  • files/tests/externallib_test.php
I have checked the files against the current version and they are unchanged, original installation files. However, this piqued my curiosity about the "tests" directories. I have not found any clear explanation of these directories in the Moodle documentation - how are they used? Are they necessary? Can they be deleted?
Average of ratings: -
In reply to Timothy Bolton Milhas

Re: ycfkurl reported

by John Okely -

These are for automated testing, here's an explanation from the docs: https://docs.moodle.org/dev/Testing#Automated_testing

Could you give more details about the security check result? It sounds like a false positive to me

Average of ratings: -
In reply to John Okely

Re: ycfkurl reported

by Tristin Mock -

I just found this old comment when I ran into the same issue. I had the result come back in Gravityscan. 


Title:

A spam link known as ycfkurl found in 2 files

Type / ID:

Malware - Spam Link / 4511

Severity:

Critical (10.0) 

Product:

Content 

Description:

WARNING: Visiting these pages in your browser may cause harm to your computer. We recommended that you try to locate the offending string in the source file or in your database. If you do decide to visit a page with malware make sure to turn Javascript off prior to visiting the page.

$filepath = "/";
        $filename = "Simple.txt

Found in the following file(s):

All file paths given are notated relative to []

  • ./moodle/user/tests/externallib_test.php
  • ./moodle/files/tests/externallib_test.php


Average of ratings: -