Free plugin found to be malicious in scan by host

  • Resolved tinacornish

    (@tinacornish)


    5 years, 8 months ago

    My host Afrihost has found your plugin to be malicious in a scan, please let me know if you are aware of this and what I can do about it. This was also found by Sucuri

    See below from my hosts scan.

    The files listed as malicious in the scan are mentioned below:

    ===
    /home/tinacaam/public_html/beaware/wp-content/plugins/wordfence/lib/wfScanEngine.php
    /home/tinacaam/public_html/beaware/wp-content/plugins/wordfence/waf/bootstrap.php
    /home/tinacaam/public_html/soultour/wp-content/plugins/wordfence/lib/wfScanEngine.php
    /home/tinacaam/public_html/soultour/wp-content/plugins/wordfence/waf/bootstrap.php
    /home/tinacaam/public_html/transformtoday/wp-content/plugins/wordfence/lib/wfScanEngine.php
    /home/tinacaam/public_html/transformtoday/wp-content/plugins/wordfence/waf/bootstrap.php
    /home/tinacaam/public_html/wp/wp-content/plugins/inclu/l
    /home/tinacaam/public_html/wp/wp-content/plugins/inclu/ol.php
    /home/tinacaam/public_html/wp/wp-content/plugins/inclu/wp-includes.php
    /home/tinacaam/public_html/wp-content/plugins/wordfence/lib/wfScanEngine.php
    /home/tinacaam/public_html/wp-content/plugins/wordfence/waf/bootstrap.php
    /home/tinacaam/public_html/wp-content/uploads/mc4wp-debug-log.php
    ===

    You can cross check these files. As updated the scan has tagged some filed related to the plugins wordfence, inclu.

    Thanks
    Tina Cornish

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hi @tinacornish,

    It is normal for two security plugins to find each other’s code as malicious.

    However, it’s possible that your Wordfence installation was modified by an attacker.
    Can you copy-paste the contents of wfScanEngine.php into pastebin.com and put the link here?

    I’ll take a look at the files and see if there’s any differences between the original and your copy.

    Dave

    Thread Starter tinacornish

    (@tinacornish)

    https://pastebin.com/u/TinaCornish/1/0/1/?guest=1

    Hi again!

    Can you go into FTP and open the file /home/tinacaam/public_html/beaware/wp-content/plugins/wordfence/lib/wfScanEngine.php -> copy-paste the contents of that file into pastebin.com?

    If we can make sure that none of the files found in the scan are malicious, then we can consider Sucuri’s scan to be a false positive.

    Dave

    Thread Starter tinacornish

    (@tinacornish)

    Hi Dave,

    I have pasted for you.
    https://pastebin.com/cuvHXwbT

    thanks

    Since I worked with you outside of the forums I’ll resolve this one out.

    Tim

    Thread Starter tinacornish

    (@tinacornish)

    Thanks Tim

    Thread Starter tinacornish

    (@tinacornish)

    I see there is a lot of contradictory information over the internet about the Index files that only contain the words “silence is golden” Are these malware files? Can I safely delete them? or are they essential to stay?

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Free plugin found to be malicious in scan by host’ is closed to new replies.