Most of these are likely false positives. import.php is a bit of a question. Could be old code from site live, but could also be an attack vector.

I ran drupalgeddon scans against a dev site that wasn’t exposed to the internet to get a feel for what kind of false positives it might report before running on a production site.

Dave

From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Muzaffer Tolga Ozses Sent: Monday, November 03, 2014 11:35 PM To: support@drupal.org Subject: [support] Drupalgeddon-test

Hi,

I removed the files anyway, but I still wanted to ask you. Do you think these are false or true positives?

Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/FirePHP.class.php4" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/fb.php4" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/fb.php" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/lib/FirePHPCore/FirePHP.class.php" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/oo.php" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/procedural.php" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/procedural.php4" discovered. [error] Suspicious file "DRUPAL_ROOT/FirePHPCore/demo/oo.php4" discovered. [error] Suspicious file "DRUPAL_ROOT/import.php" discovered. [error]

Regards, mto