Malicious Files in Cache, False Positive?

  • Resolved mondererdesign

    (@mondererdesign)


    8 years, 6 months ago

    For the second time this week I’ve received an alert from the Wordfence security plugin that there may be malicious files in the following folders:

    * File appears to be malicious: wp-content/cache/rs/ffe625595b129296bf553ed9880cbc64/all_usergroups/ca61e01c1cdbcd1d01c76be7598b78dd.php

    * File appears to be malicious: wp-content/cache/rs/ffe625595b129296bf553ed9880cbc64/rs_get_terms_for_ug/6711d9b4d94ce346d2baa3dd32abe4ee.php

    * File appears to be malicious: wp-content/cache/rs/ffe625595b129296bf553ed9880cbc64/rs_get_terms_for_ug/8b0ca44dddc42523323eb64a0f8a6da1.php

    I want to make sure that these are just false positives and there aren’t any security issues with the plugin. I’ve deleted and reinstalled Role Scoper just in case there was a backdoor hack in place.

    Thanks!

    https://www.ads-software.com/plugins/role-scoper/

Viewing 6 replies - 1 through 6 (of 6 total)

  • Same Problem here.

    Screenshot

    Chris

    (@janusdesign)

    Same problem here as well. I removed the files but they were all generated again right away it seemed.

    Plugin Author Kevin Behrens

    (@kevinb)

    If those files are a concern, you can disable Role Scoper’s caching option.

    gabrieldilaurentis

    (@gabrieldilaurentis)

    so i shouldn’t be worried that it’s a backdoor php code providing access to my wordpress installation? should i just turn off cashing that will be it?

    Plugin Author Kevin Behrens

    (@kevinb)

    [updated]

    The Wordfence report does show injected PHP code. Please turn RS caching off to prevent a vulnerability on installations which have the uploads folder writable.

    Plugin Author Kevin Behrens

    (@kevinb)

    The vulnerability is fixed in Role Scoper 1.4.2 (by disabling the persistent cache and auto-deleting cache files).

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Malicious Files in Cache, False Positive?’ is closed to new replies.