add grid header.

App_LocalResources/View.ascx.resx

@@ -184,7 +184,7 @@
     <value>Last name</value>
   </data>
   <data name="ScannerExplanation.Text" xml:space="preserve">
-    <value>This tab allows you to search the filesystem and database for any term, which is useful for the case where your site is showing unwanted content you wish to locate.<br />THIS OPERATION MAY TIME OUT</value>
+    <value />
   </data>
   <data name="Username.Header" xml:space="preserve">
     <value>Username</value>
@@ -350,10 +350,10 @@
     <value>Tab Settings</value>
   </data>
   <data name="ModifiedSettingsExplaination.Text" xml:space="preserve">
-    <value>Below are the system settings that were modified recently. Have a look at these settings to see if something looks suspicious here. Pay close attention to the Last Modification Date.<br />IT IS OK TO HAVE ITEMS LISTED HERE.</value>
+    <value />
   </data>
   <data name="ModifiedFilesExplaination.Text" xml:space="preserve">
-    <value>Below are the files that were modified recently. Have a look at these files to see if something looks suspicious here. Pay close attention to the Last Modification Date. <br /> IT IS OK TO HAVE FILES LISTED HERE.</value>
+    <value />
   </data>
   <data name="ModifiedFilesLoadWarning.Text" xml:space="preserve">
     <value>Tool will enumerate all files in your system to show the recently changed files. It may take a while on a site with lots of files.</value>
@@ -374,13 +374,13 @@
     <value>The passwordFormat is set as Hashed in web.config</value>
   </data>
   <data name="CheckAllowableFileExtensionsFailure.Text" xml:space="preserve">
-    <value>Either aspx, asp or php files were found in allowable file extensions setting. This will allow hackers to upload code. Remove these extensions at Host > Host Settings > Other Settings > Allowable File Extensions</value>
+    <value>Either aspx, asp or php files were found in allowable file extensions setting. This will allow hackers to upload code. Remove these extensions at Host &gt; Host Settings &gt; Other Settings &gt; Allowable File Extensions</value>
   </data>
   <data name="CheckAllowableFileExtensionsName.Text" xml:space="preserve">
     <value>Check if there are any harmful extensions allowed by the file uploader</value>
   </data>
   <data name="CheckAllowableFileExtensionsReason.Text" xml:space="preserve">
-    <value>Either aspx, asp or php files were found in allowable file extensions setting. This will allow hackers to upload code. Remove these extensions at Host > Host Settings > Other Settings > Allowable File Extensions</value>
+    <value>Either aspx, asp or php files were found in allowable file extensions setting. This will allow hackers to upload code. Remove these extensions at Host &gt; Host Settings &gt; Other Settings &gt; Allowable File Extensions</value>
   </data>
   <data name="CheckAllowableFileExtensionsSuccess.Text" xml:space="preserve">
     <value>The allowable file extensions is setup correctly.</value>
@@ -412,4 +412,10 @@
   <data name="SysAdmin.Error" xml:space="preserve">
     <value>Current SQL Server account is 'sysadmin'.</value>
   </data>
+  <data name="HighRiskFiles.Text" xml:space="preserve">
+    <value>High Risk Files</value>
+  </data>
+  <data name="LowRiskFiles.Text" xml:space="preserve">
+    <value>Low Risk Files</value>
+  </data>
 </root>

Components/Utility.cs

@@ -23,6 +23,9 @@ public class Utility
             new Regex(Regex.Escape("\\d+-System\\Thumbnailsy"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
             new Regex(Regex.Escape("\\Portals\\_default\\Logs"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
             new Regex(Regex.Escape("\\App_Data\\_imagecache"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
+            new Regex(Regex.Escape(AppDomain.CurrentDomain.BaseDirectory + "Default.aspx"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
+            new Regex(Regex.Escape(AppDomain.CurrentDomain.BaseDirectory + "Default.aspx.cs"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
+            new Regex(Regex.Escape(AppDomain.CurrentDomain.BaseDirectory + "web.config"), RegexOptions.Compiled | RegexOptions.IgnoreCase),
         };
 
         private const long MaxFileSize = 1024*1024*10; //10M
@@ -228,12 +231,21 @@ public static IList<FileInfo> GetLastModifiedExecutableFiles()
                 {
                     var extension = Path.GetExtension(f);
                     return extension != null && executableExtensions.Contains(extension.ToLowerInvariant());
-                })
-                .Select(f => new FileInfo(f))
-                .OrderByDescending(f => f.LastWriteTime)
-                .Take(ModifiedFilesCount).ToList();
+                }).ToList();
+            files.Add(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Default.aspx.cs"));
+            files.Add(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "web.config"));
+
+            var defaultPage = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Default.aspx");
+            if (!files.Contains(defaultPage))
+            {
+                files.Add(defaultPage);
+            }
+
+            return files
+            .Select(f => new FileInfo(f))
+            .OrderByDescending(f => f.LastWriteTime)
+            .Take(ModifiedFilesCount).ToList();
 
-            return files;
         }
     }
 }

View.ascx

@@ -153,6 +153,7 @@
         <br/>
         <br/>
         <div>
+            <h2><%=LocalizeString("HighRiskFiles") %></h2>
             <asp:DataGrid id="dgModifiedExecutableFiles" runat="server" AutoGenerateColumns="false" AllowPaging="false" visible="true" width="100%" GridLines="None" CssClass="dnnGrid">
                 <headerstyle CssClass="dnnGridHeader"/>
                 <itemstyle CssClass="dnnGridItem" horizontalalign="Left"/>
@@ -173,6 +174,7 @@
                     </asp:TemplateColumn>
                 </Columns>
             </asp:DataGrid>
+            <h2><%=LocalizeString("LowRiskFiles") %></h2>
             <asp:DataGrid id="dgModifiedFiles" runat="server" AutoGenerateColumns="false" AllowPaging="false" visible="true" width="100%" GridLines="None" CssClass="dnnGrid">
                 <headerstyle CssClass="dnnGridHeader"/>
                 <itemstyle CssClass="dnnGridItem" horizontalalign="Left"/>