My VPS (debian 9) was infected by malware (a wordpress site and a dokuwiki site were redirecting to another site) and my vps's /tmp dir
was getting filled with various html files.
One of the things i learned is that existence of online 'Web sites vulnerabilty scanner'
One of those
https://www.quttera.com reports 70 files of my dk installation as suspicious
because of snippets like the one below:
Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Generic suspicious JavaScript code
[[<script type="text/javascript" charset="utf-8" src="/lib/exe/jquery.php?tseed=23f888679b4f1dc26eef34902aca964f"></script>]]
I guess is false alarm since I've found tseed in
/inc/template.php/tpl_metaheaders
...
219 $head = array();
220
221 // prepare seed for js and css
222 $tseed = $updateVersion;
223 $depends = getConfigFiles('main');
224 $depends[] = DOKU_CONF."tpl/".$conf['template']."/style.ini";
225 foreach($depends as $f) $tseed .= @filemtime($f);
226 $tseed = md5($tseed);
...
So i'm curious basically , why that code is suspicious and why md5 is needed on $tseed and what's the purpose of $tseed.
Thanks.