Hidden Folders files Alert on S2member files

Probably nothing to worry about. Most likely the folder or file that was detected by HPF in your /plugins/ folder is innocent/not malicious. We are tracking the new HPF feature results here: https://forum.ait-pro.com/forums/topic/hidden-plugin-folderfiles-alert/. So post the HPF Dashboard alert you are seeing here or in the forum link above and we will let you know if everything is ok.

Path: /home/mysite/public_html/wp-content/plugins/functions.php
Last Modified Time: June 2, 2015 @ 9:22 pm

go away.
Plugin Folder Path: /home/mysite/public_html/wp-content/plugins/s2member-logs
Last Modified Time: October 26,

Alert go away.
Plugin Folder Path: /home/mysite/public_html/wp-content/plugins/s2member-files
Last Modified Time: October

Check the functions.php file to make sure it does not contain any hacker code. To create ignore rules for the functions.php file and the other s2member folders use the Ignore Hidden Plugin Folders & Files text area option and enter: functions.php, s2member-logs, s2member-files

What to do if a hidden plugin folder or file is detected
If a hidden or empty plugin folder is detected or a non-standard WP file is detected then you would use FTP to check the folder or file. If the folder or file contains hacker code or is a hidden plugin or is a non-standard WP file then make a copy of it and delete it. If the plugin folder is just an empty plugin folder then delete it. If you recognize the folder or file you can use the Ignore Hidden Plugin Folders & Files textarea box option to ignore/not check this folder or file.

Ignore Hidden Plugin Folders & Files:
This option is for adding ignore rules for Hidden or Empty Plugin Folders Detected by BPS or Non-standard WP files detected by BPS in your /plugins/ folder. This is an independent option setting that does not require clicking any other buttons. Example Usage: If you intentionally have an empty plugin folder in your /plugins/ folder or you have a custom file in your /plugins/ folder then you can add the plugin folder or custom file name in the Ignore Hidden Plugin Folders & Files textarea box so that the HPF Cron check will ignore any folder or file names that you add. Add Ignore rules using plugin folder names or file names. Use a comma and a space between folder and/or file names. Example Ignore Rules: plugin-folder-name, example-file-name.php

Okay, it caused by the mobile ad code from Plugrush Ads Network. Removed it from our functions.php.
And we can say there are htaccess files around inside of the s2member-logs and s2member-files folders. Maybe they are created by the plugin itself.

But I was seeking this mobile ad code in order to remove it for almost 1 year.
Thanks that HPF feature founds that.

Should I continue to use HPF feature or disable it? Because its automatic emails spamming my email box every hour.

My hosting service provider has sent me a alert:

Malicious content has been detected on your website (will not list domain name here). To prevent the website from being used for malicious intent (e.g. spamming, phishing and network abuse), we have quarantined the files by moving them to the folder named ‘quarantine’ in the home directory of the domain. The scan detected the following malicious content:

./wp-content/bps-backup/logs/http_error_log.txt: Win.Trojan.Hide-1 FOUND

I run dozens of sites with BPS and this means I will now have to uninstall BPS on all of them and replace with another suitable plugin. This has not been the first alert btw.

Regards
Hennie

But I was seeking this mobile ad code in order to remove it for almost 1 year.
Thanks that HPF feature founds that.

Yep, we expected that there would nice additional benefits like the one you described.

Do these steps to stop the email alerts from being sent.
1. Go to the Ignore Hidden Plugin Folders & Files textarea box.
2. Paste this into the textarea box: s2member-logs, s2member-files
3. Click the Save Plugin Folder|Files Ignore Rules button.

@dumel – The /wp-content/bps-backup/logs/http_error_log.txt file is the BPS Security Log file, which has the capability to capture entire hacker scripts/code used in attempts by hackers trying to hack your website. If you do not want to do that then go to the Security Log page > check the Limit POST Request Body Data checkbox option > click the Save Limit POST Request Body Data. BPS will only log a small amount of hacker code used to try and hack your website and your host should no longer falsely see/detect malicious content/code.

Security Log Read Me Help button help text

Limit POST Request Body Data
The maximum Security Log Request Body Data capture/log limit is 250000 maximum characters, which is roughly about 250KB in size. The Limit POST Request Body Data checkbox option limits the maximum number of Request Body Data characters captured/logged in the Request Body logging field to 500 characters, which is roughly 5KB in size. The Limit POST Request Body Data checkbox is checked by default. You can capture/log entire hacking scripts if you uncheck the Limit POST Request Body Data checkbox (See Note below), but that means your log file size could increase dramatically and you could receive more automated Security Log zip file emails. If you are using email security protection on your computer then your zipped Security Log files may be seen as containing a virus (hacker script/code) and they could be automatically deleted by your email protection application on your computer. Your computer security protection software may also see the Security Log file as malicious and block it. If you do not want to capture/log entire hacker scripts/files/code in the Request Body logging field then keep the Limit POST Request Body Data checkbox checked. Note: To capture/log all POST Request Attacks against your website you will need to add the POST Request Attack Protection Bonus Custom Code. A link to that Bonus Custom Code is at the top of this Read Me help window. If you do not want to add the Bonus Custom Code then some, but not all POST Request Attacks will be captured/logged in the Security Log.

@yiggory – Did this answer all of your questions? If so, please resolve this thread. If not, please post any additional questions you may have. Thanks.

Thread Start Date: 6-25-2016 to 6-26-2016
Current Date: 6-28-2016

@yiggory – Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Thread Start Date: 6-25-2016 to 6-26-2016
Thread Resolved/Current Date: 6-30-2016