Most of these are likely false positives. import.php is a bit of a question. Could be old code from site live, but could also be an attack vector.
I ran drupalgeddon scans against a dev site that wasn’t exposed to the internet to get a feel for what kind of false positives it might report before running
on a production site.
Dave
From: support-bounces@drupal.org [mailto:support-bounces@drupal.org]
On Behalf Of Muzaffer Tolga Ozses
Sent: Monday, November 03, 2014 11:35 PM
To: support@drupal.org
Subject: [support] Drupalgeddon-test
Hi,
I removed the files anyway, but I still wanted to ask you. Do you think these are false or true positives?
Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/FirePHP.class.php4" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/fb.php4" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/fb.php" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/FirePHP.class.php" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/oo.php" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/procedural.php" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/procedural.php4" discovered. [error]
Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/oo.php4" discovered. [error]
Suspicious file "DRUPAL_ROOT/import.php" discovered. [error]
Regards,
mto