SOS – File Change Detection

  • Hello all,

    I recently installed the iThemes Security plugin on my two blogs. It was recommended by my server. I used the same settings on both my blogs. I checked the File Change Detection option and the Split File Scanning option.

    Since then, I’ve been getting daily email alerts for one of my blogs, always the same one. Yet I don’t notice any changes on the blog front end.

    I don’t know how to interpret these alerts, but they are very nerve racking. Can someone please help me figure out how to interpret these alerts?

    Here’s the blog for which I keep getting alerts
    Here’s the one for which I don’t get any alerts

    And here are a few alert examples :

    ——————————————————————————–
    Files Added: 0
    Files Deleted: 0
    Files Modified: 1
    Memory Used: 0.11 MB

    Files Added
    File Modified File Hash

    Files Deleted
    File Modified File Hash

    Files Modified
    File Modified File Hash
    .htaccess Wednesday April 2nd, 2014 at 5:05 am UTC 2c8db883a5b6ded8302569f667dae9ea

    ——————————————————————————–

    Files Added: 27
    Files Deleted: 0
    Files Modified: 0
    Memory Used: 45.45 MB

    Files Added
    File Modified File Hash
    license.txt Saturday January 25th, 2014 at 6:07 am UTC 38770f444df2e78c4431ef84cc94b477
    readme.html Saturday January 25th, 2014 at 6:07 am UTC 017bfd41148f1ebcded2b3d65a621a54
    wp-rss2.php Thursday December 9th, 2010 at 2:02 pm UTC 2e0c91f0a744fb21cc0f422a6305fc64
    wp-load.php Saturday January 25th, 2014 at 6:07 am UTC ebdc1b87de5f43f8f9b8a17515ea9a53
    wp-config.php Friday March 16th, 2012 at 1:44 pm UTC ff70893863fe584616974138b22e9dbf
    error_log Friday March 21st, 2014 at 8:40 pm UTC 6016ad5d0da3da1bcf62b9006747afd6
    index.php Saturday January 25th, 2014 at 6:07 am UTC b61b25303be0f573a6b9446d5cbe3a5b
    wp-comments-post.php Saturday January 25th, 2014 at 6:07 am UTC f7268ccd5aa033f919c2975bc523bd86
    wp-rss.php Thursday December 9th, 2010 at 2:02 pm UTC fed187a5047c2a2240204c9975d99582
    wp-login.php Saturday January 25th, 2014 at 6:07 am UTC d139afda43de80e12b574bc681bad1f3
    wp-commentsrss2.php Thursday December 9th, 2010 at 2:02 pm UTC fc053ca6e39ab0d4a216fe86c6e77ca8
    wp-atom.php Thursday December 9th, 2010 at 2:02 pm UTC 41ee2f11d9757ec2659052eed3173df0
    wp-blog-header.php Saturday January 25th, 2014 at 6:07 am UTC 5f81e56e3ac8ebf59ee135c253b835d8
    wp-feed.php Thursday December 9th, 2010 at 2:02 pm UTC d6ab3ec9c37be35fce9706559a825bd3
    wp-mail.php Saturday January 25th, 2014 at 6:07 am UTC f7a72d3f3c1480b09c137791eae3b500
    wp-config-sample.php Saturday January 25th, 2014 at 6:07 am UTC 9b1ad07d04012d8f24002f77c41df118
    wp-settings.php Saturday January 25th, 2014 at 6:07 am UTC f11bbb93189c12ec580032e5d11c5124
    xmlrpc.php Saturday January 25th, 2014 at 6:07 am UTC 40d02fd01852287888fb0acfec5b9fb7
    wp-links-opml.php Saturday January 25th, 2014 at 6:07 am UTC c463c9c7fe769e018d496cda106d6697
    wp-pass.php Tuesday May 15th, 2012 at 10:32 am UTC 9e71ca9b665afc1c4804b60a8cec4e50
    wp-cron.php Saturday January 25th, 2014 at 6:07 am UTC 0210bf661bbbeb1fb262b5189885892a
    wp-register.php Tuesday May 15th, 2012 at 10:32 am UTC d09916236fec6752c45c52499d6e2afb
    wp-trackback.php Saturday January 25th, 2014 at 6:07 am UTC 8bad2451f59b5b91bb54a06a1b6cb9fd
    wp-signup.php Saturday January 25th, 2014 at 6:07 am UTC ef6d0e43a739699ca66526ced740b7b4
    wp-activate.php Saturday January 25th, 2014 at 6:07 am UTC b94e5f17ca85eea62dd8ff75a2c15058
    wp-rdf.php Thursday December 9th, 2010 at 2:02 pm UTC 366997f14f51587e104becf290cea514
    .htaccess Monday March 31st, 2014 at 11:47 pm UTC eab679dfd07648b13b956550843ee889

    ——————————————————————————–

    Files Added: 0
    Files Deleted: 0
    Files Modified: 8
    Memory Used: 2.26 MB

    Files Added
    File Modified File Hash

    Files Deleted
    File Modified File Hash

    Files Modified
    File Modified File Hash
    wp-includes/update.php Tuesday April 8th, 2014 at 8:16 pm UTC 42f802f2e6dcd1fcaf8c171ee84ad40d
    wp-includes/query.php Tuesday April 8th, 2014 at 8:16 pm UTC 0c2539626b2b37ce802c1159e97054cd
    wp-includes/version.php Tuesday April 8th, 2014 at 8:16 pm UTC fcf8990849673b92193c457e91060be6
    wp-includes/bookmark.php Tuesday April 8th, 2014 at 8:16 pm UTC b13d701b45d592deccc7ce0f946e49ee
    wp-includes/js/plupload/plupload.silverlight.xap Tuesday April 8th, 2014 at 8:16 pm UTC 40dbc8d7df259f4d2df35c89c63a818b
    wp-includes/post-template.php Tuesday April 8th, 2014 at 8:16 pm UTC 8d64888328c1d7c04a8481bbb6667d54
    wp-includes/pluggable.php Tuesday April 8th, 2014 at 8:16 pm UTC f17ee83d781f28ea2ba702b2ccf8a20f
    wp-includes/class-wp-xmlrpc-server.php Tuesday April 8th, 2014 at 8:16 pm UTC 841a7e973040d8e2aa9efe30eec3956b

Viewing 5 replies - 1 through 5 (of 5 total)

  • Log from April 8th, 2014 is from WordPress autoupdate…
    Middle log seems thats from autoupdate too (but I’m not sure, I’m not using ITS so long)

    The htaccess one could be by changed settings of iThemes Security

    Thread Starter Miss Frenchy

    (@miss-frenchy)

    Thanks for your response Martin.

    Still, that doesn’t explain why one blog would be signaling updates and not the other.

    This File Change Detection option is so NOT user friendly

    Anyone else activating this option and getting numerous alerts? Of so, how can you tell what is what?

    I’m thinking I’d probably be better unchecking this option all together…

    Well i’ve this option turned ON and it’s working…

    Well before few days there were security update 3.8.2 and i’ve recieved mail about file change from ITS and WP on dashboard said that he updated himself.

    Why you don’t have updates from other web, i don’t know.. ??
    Maybe no activity on web?

    *Automatic file change scanning is triggered by a user visiting your page and may not happen exactly at the time listed.

    Or check your spambox?

    Thread Starter Miss Frenchy

    (@miss-frenchy)

    If file change scanning is activated by users simply visiting, that may well explain why I’m getting more alerts on one blog than on the other. Thanks Martin for that info.

    But receiving such alerts simply because people are visiting the site is NOT a useful function at all.

    Since no one has been able to help me understand how to distinguish between a serious alert and these numerous benigh ones, I’m going to disable this option all together.

    It’s something the people at iSecurity might want to look into because as is, this option is totally useless…

    Well i disagree.. That tool works quite good as far as i saw…

    What do you mean gettint more alerts? I receive only one notification per day…

    But receiving such alerts simply because people are visiting the site is NOT a useful function at all.

    You’ll receive it only with first visitor in a day… First visitor is a trigger to launch this check…

    Since no one has been able to help me understand how to distinguish between a serious alert and these numerous benigh ones, I’m going to disable this option all together.

    I think this is obvious… If you do an update you’ll see changes there.. if your users will upload file, you’ll see changes there..
    If you’re not doing update and users are not uploading and you’re receiving lot of records, there’s probably somthing wrong with your security settings at all..

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘SOS – File Change Detection’ is closed to new replies.