Can’t exclude files from File Guard

  • Resolved RIMAX

    (@rimax)


    7 years, 4 months ago

    Hello,

    I am getting tons of File Check detection alerts. While I want to keep it for genuine threats, it just keeps popping up from cache folders and plugin temp files.

    I noticed there’s a “Exclude the following files/folders (optional)” field, but it DOES NOTHING.

    I even tried multiple path lengths, full, partial, folder only, nothing works!

    Now it is set to:

    /home/r46031apmc/public_html/wp-content/uploads/sucuri/,/home/r46031apmc/BWD/wp-content/mmr/,.accessed

    To no avail… I still get notified about file changes in those folders.

    Help? ??

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    I created the same directory structure, added the paths to the exclusion list, and did not receive any alert when changes occurred to those files.
    Can you show me an email alert which includes files stored inside the exclusion list (/home/r46031apmc/public_html/wp-content/uploads/sucuri/,/home/r46031apmc/BWD/wp-content/mmr/,.accessed)?

    There must be an issue with the paths. Sometimes, the real paths and the one returned by the HTTP server may be slightly different (i.e., due to symlinks or the HTTP server configuration).

    Thread Starter RIMAX

    (@rimax)

    There was an error with the first path, it should have been BWD instead of public_html, the website is an addon domain with a folder in a client’s hosting account, so public_html would be another site, not BWD.

    But still, I tried many options and none work, and “mmr” should have worked anyway.

    Current setting:

    /home/r46031apmc/BWD/wp-content/uploads/sucuri/,/home/r46031apmc/BWD/wp-content/mmr/,.accessed (not sure if I need the extension, I tried it to see if it works, but it doesn’t)

    Alerts:

    [!] /home/r46031apmc/BWD/wp-content/mmr/5a4a1022-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2ce10f47-1500200865.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d8430d1b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d8380d1e-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5a4a1022-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/ddc2135f-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/3e720ff9-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/1b200e99-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2dfc0f5d-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5e5b10a9-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/718f1161-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2e850f81-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/ffd80e1b-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f2af0db3-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/1e660ef3-1500196513.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/3e1a0ff0-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f0c30d76-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/00a90e1c-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/a602127b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5f3510bd-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d02317d8-1507306521.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/4d151012-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/514c1971-1505944596.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f2c80db5-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/95363ff8-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/be8f0c38-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/00a00e0b-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/e5090d50-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/c99b0c4e-1500196513.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/008b0e07-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/be6a0c46-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d6920cc1-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d89b0d2b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/00050e0d-1505944596.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2db30f60-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/e33a0d0e-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/b2360bcd-1500196511.js.accessed

    Plugin Author nintechnet

    (@nintechnet)

    This is File Check, not File Guard.

    I’ll make some tests later today, there must be an issue somewhere.

    Thread Starter RIMAX

    (@rimax)

    Well it’s the same thing… isn’t it?

    Aren’t them both more or less the same function (file change monitoring and notification) ? I only have an exclude option in File Guard.

    I would even suggest making it a single section, it’s a bit confusing like this.

    Thread Starter RIMAX

    (@rimax)

    Again:

    /home/r46031apmc/BWD/wp-content/cache/all/components/com_foxcontact/index.html
    [!] /home/r46031apmc/BWD/wp-content/mmr/5a4a1022-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2ce10f47-1500200865.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d8430d1b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d8380d1e-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5a4a1022-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/ddc2135f-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/3e720ff9-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/1b200e99-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2dfc0f5d-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5e5b10a9-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/718f1161-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2e850f81-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/ffd80e1b-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f2af0db3-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/1e660ef3-1500196513.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/3e1a0ff0-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f0c30d76-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/00a90e1c-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/a602127b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/5f3510bd-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d02317d8-1507306521.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/4d151012-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/f2c80db5-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/95363ff8-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/be8f0c38-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/00a00e0b-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/e5090d50-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/c99b0c4e-1500196513.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/008b0e07-1500197167.css.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/be6a0c46-1500196512.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d6920cc1-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/d89b0d2b-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/2db30f60-1500197167.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/e33a0d0e-1500196511.js.accessed
    [!] /home/r46031apmc/BWD/wp-content/mmr/b2360bcd-1500196511.js.accessed

    Note the excluded path, it’s IDENTICAL:

    /home/r46031apmc/BWD/wp-content/mmr/

    Plugin Author nintechnet

    (@nintechnet)

    I just did some tests using the same folders and files structure, and everything worked as expected. Whether I put all paths or only .accessed in the exclusion list, there is no alert sent when a change occurred.

    Can you export your configuration (using this script: https://nintechnet.com/share/wp-support.txt ) and send it to “contact” {at} “nintechnet.com” as an attachment? Add “WP forum – @rimax” in the subject. I’ll use it for the test.

    File Guard and File Check are two different things: File Check use snapshots to check for modifications, while File Guard is a real time detection working at the firewall level (i.e., even before the request reaches WordPress).

    Thread Starter RIMAX

    (@rimax)

    Ok, so let me get this straight:

    Can I turn off File Check scans (this is what I get now, == NinjaFirewall File Check (diff)), and still be notified by File Guard if at one point there is an unauthorized file change?

    I see that it says Monitor file activity and send an alert when someone is accessing a PHP script… but I don’t want just PHP, I want to know about ANY file… or is this a free version limitation?

    Bottom line is I want to be notified on email about ANY file modified or created ANYWHERE in the directory structure, MINUS the excluded items, that’s what I need, long story cut short.

    • This reply was modified 7 years, 4 months ago by RIMAX.
    • This reply was modified 7 years, 4 months ago by RIMAX.
    Plugin Author nintechnet

    (@nintechnet)

    File Check is what you want.

    File Guard works at the firewall level, hence only HTTP requests calling PHP files (and, depending on your configuration, HTML files too) will get through. Static files won’t.

    Thread Starter RIMAX

    (@rimax)

    Ok, but then I still need to filter out those locations and File Check has no exclusion list.

    Plugin Author nintechnet

    (@nintechnet)

    Make sure you don’t have another instance of NinjaFirewall installed on this server, which could be the one sending you the File Check alerts. I can’t see any other explanations as to why you keep receiving them.

    Thread Starter RIMAX

    (@rimax)

    There isn’t. It’s my site giving the alerts for files in that specific directory.

    Plugin Author nintechnet

    (@nintechnet)

    Try to export NinjaFirewall’s configuration, uninstall/reinstall it and reimport its configuration. Then, set up File Check again.
    I still cannot see why it does not work only with you.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Can’t exclude files from File Guard’ is closed to new replies.