Unrecognised file false positive

  • Resolved Harris

    (@harrispap)


    7 years, 3 months ago

    Hello,
    Every two -three days I am getting an email from one of the sites I have installed Shield, saying that:

    “The following files are considered “unrecognised” and should be examined:

    – /home/webster/public_html/wp-includes/class.wp.php

    I compared the file with the original from www.ads-software.com and they are identical.
    I deleted the file and replaced it with the original from www.ads-software.com.

    I am still getting those messages though. I gues somehow is a kind of a false positive.

    Can you please check it out?
    I can send you the file stated as unrecognized if you want to.

    I am using latest version of Wrdpress and latest version of shield script.

    Thanks
    Harris

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Hi Harris.

    wp-includes/class.wp.php doesn’t exist in the core WordPress files. So I’m surprised how you were able to replace it.

    Unless you’re referring to class-wp.php. That’s a different story, but that’s not the file you’re quoting.

    Thread Starter Harris

    (@harrispap)

    Hello,

    Sorry for confusing you. I missed the dot – dash difference before the wp.php.
    I now deleted the unwanted files.

    I guess this thread will not help anyone, so if you want you can delete it.

    Sorry once again for bothering you for no reason.

    Plugin Author Paul

    (@paultgoodchild)

    No problem at all. This is a perfectly legitimate question and it’s easy to make the mistake.

    The closer the hack file names resemble legitimate files the better, since they go unnoticed for longer.

    Did you examine the contents of the suspect file?

    • This reply was modified 7 years, 3 months ago by Paul.
    Thread Starter Harris

    (@harrispap)

    It was a 0 bytes file. No content at all.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Unrecognised file false positive’ is closed to new replies.