False Positive?

  • Resolved WebDev2.0

    (@socalkingg)


    5 years, 10 months ago

    I woke up this morning to the daily WF report that changes had been made to my wp-config.php while I was asleep. That alarmed me a little bit so I logged into Wordfence, ran a scan, and for the first time got a critical error. I immediately contacted my hosting company, they ran a malware scan and found nothing. They examined the wp-config file and said they found nothing alarming. They said the red flag could’ve just been an error and that the code in the error didn’t seem suspicious. Since this is the first time I’ve received this type of error, I wanted to see what you guys thoughts were. Is it a false positive?

    Filename: wp-content/plugins/woo-gutenberg-products-block/build/handpicked-products.js
    File Type: Not a core, theme, or plugin file from www.ads-software.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: 2323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232|…

    The issue type is: Suspicious:TXT/spamcontainers.5830
    Description: Suspicious code often used in spam-related malware infections

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • @socalkingg Can you provide the entire suspected file’s code in a pastebin or similar? I can confirm for you if you provide that, but otherwise it’s not that uncommon for these premium Woocommerce or ThemeForest plugins to get flagged as a false positive across various scanners.

    Hey @socalkingg,

    As @g0tr00t mentioned, if you can share the contents of the file we can review it. A Pastebin or something similar will work. You can also email it to [email protected]. If you do email it please include your www.ads-software.com username and a link to this thread.

    Thanks,

    Gerroald

    Thread Starter WebDev2.0

    (@socalkingg)

    Thank you both for your response. Sorry for the delay, I was trying to create a pastebin or an alternative but the text was too long. I uploaded the file to a dropbox instead. Here is the link for the full file:

    https://www.dropbox.com/s/09d4ayfxh466s5q/handpicked-products.js?dl=0

    @socalkingg What was flagged in the file is a false positive (that was one ugly js file haha)

    EDIT: You can find this JS timezone code in the core WordPress file wp-includes/js/dist/date.min.js

    • This reply was modified 5 years, 10 months ago by g0tr00t. Reason: more info
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘False Positive?’ is closed to new replies.