Is this a False Positive on WP-Rocket Cache

  • Resolved gianag

    (@gianag)


    5 years, 3 months ago

    Hi, Wordfence scan is showing spam alerts intermittently on various WP-Rocket cached pages. Is this a false positive?

    Example:

    File appears to be malicious: wp-content/cache/wp-rocket/sage4me.com/product/natures-way-coconut-oil-1000-mg-120-softgels/index-https.html
    Type: File

    Filename: wp-content/cache/wp-rocket/sage4me.com/product/natures-way-coconut-oil-1000-mg-120-softgels/index-https.html
    File Type: Not a core, theme, or plugin file from www.ads-software.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <title>Nature’s Way – Coconut Oil – 1000 Mg – 120 Softgels – Sage4me.com</title>

    The issue type is: Spam:HTML/pharmaspamtitle.6108
    Description: HTML modifications commonly seen in pharmaceutical spam

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hey @gianag,

    Is this a blog entry that you created? If not, it looks like some spam has been injected into the site. I’d suggest deleting it and cleaning the site. The article below can help with this.

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thanks,

    Gerroald

    Thread Starter gianag

    (@gianag)

    Hi Gerroald,

    These are cached WooCommerce product pages. Index-https.html files are automatically created when WP-Rocket caches the page. This is done when the pages are opened in the website. I do not see any spam in it. Can I send you an example file that is being marked as spam by Wordfence?

    Thanks,
    Giana

    Thread Starter gianag

    (@gianag)

    Also, these index-https.html files are passing Norton scan.

    Thread Starter gianag

    (@gianag)

    Hi Gerroald,

    Could it be because of the format of the title that has dashes and my website address?

    Thanks,
    Giana

    Hey @gianag,

    My apologies for the delayed response.

    Yes, these are getting flagged due to their resemblance of pharmaceutical spam. In most cases, this will be evidence of injected spam. In your case, if these are legitimate products it’s okay to ignore them.

    Thanks,

    Gerroald

    Hey @gianag,

    Since we haven’t heard back from you I am assuming that the instructions solved your issue so I am marking this topic as resolved.

    If however, for whatever reason, you are still experiencing this issue and it is not resolved please respond to the post, and mark this topic as “not resolved”.

    Thanks,

    Gerroald

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Is this a False Positive on WP-Rocket Cache’ is closed to new replies.