While you were there chilling with your families, stuffing yourself with turkey and chocolate, I was busy releasing yet more new features into the myJoomla suite of tools. If you login to your account (Or signup for FREE today) you will see a whole suite of new things to look at, all wrapped up in a new look and feel too.
I have to be honest and say that I don’t have the best memory in the world and what makes it even worse is that I also get easily distracted.
The first time that I ran My Audit I did what problem everyone of you will do and ran it on my personal website. Of course my website is set up perfectly, on a great web host, and everything is always up-to-date so I didn’t expect My Audit to actually find anything.
To my surprise it discovered one file with malicious or suspicious content. Because I’m familiar with the methods that the tool is using to determine if a file may be malicious or not I wasn’t too worried as I was convinced that it would be a false positive.
I was intrigued to see what had triggered the tool and was looking forward to telling Phil about a bug. Using the tool I selected the option to display the lines of code that it thought were either malicious or suspicious.
To my shock and horror what was revealed was perhaps the nastiest, most powerful hacker tool that I have ever come across.
What made it worse was that I could see from a comment in the file that this was the same tool that I had discovered on a client’s website, had broken the password for and had uploaded to my own website to see exactly what it could do.
Obviously I must have been distracted, most likely by twitter, Skype or Facebook, and completely forgotten to remove it from my website. Checking the dates I can now see that this file had been left unprotected on the site for several months. What a lucky boy I am that not only did no one else discover it but that My Audit found it and removed it for me.
Of course I was using the tool during the test phase and I might even have been the first person to have used it. Not surprisingly Phil was monitoring all the results from the tool to make sure he was doing his job. No sooner had the tool reported the malicious file then Phil sent me a message to let me know that the tool had done it’s job. Of course he assumed that I placed the file there is a test for him to see if my audit would find it and he was happy that it had.
I didn’t tell him that to my shame that it had been there for a while but I guess I just have. Thanks Phil for saving me from a potentially embarrassing incident.