WordFence detected possible malicious code in class.datamapper_driver_base.php

  • G’day

    I don’t think its anything to be concerned about. I’m ignoring the wordfence error for now. Even though I’m not a coder, I’ve looked over the file and think its OK. Tho it be good if you could use another method or work with wordfence so the code is not flagged. I didn’t get this issue with the previous version just the new version after updating.

    Tho it be good if you could review your code so it doesn’t get flagged by WordFence as a potential issue.

    Word fence error:
    This file may contain malicious executable wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/datamapper/class.datamapper_driver_base.php
    Filename: wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/datamapper/class.datamapper_driver_base.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 1 day 21 hours ago.
    Severity: Critical
    Status Ignoring this file until it changes
    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    https://www.ads-software.com/plugins/nextgen-gallery/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor photocrati

    (@photocrati)

    @anorris1 – You are fine to ignore this. Thanks for bringing it to our attention but our use of base64/eval in this case is legitimate.

    – Cais.

    Thread Starter anorris1

    (@anorris1)

    Thats fine are you are able to not use base64/eval so it doesn’t get flagged?

    Plugin Contributor photocrati

    (@photocrati)

    @anorris1 – We are doing a general review but aside from obscuring the base64/eval calls just so WordFence doesn’t flag them doesn’t seem to be the right approach.

    Perhaps WordFence needs to look at their algorithms regarding the use of base64/eval codes?

    – Cais.

    Thread Starter anorris1

    (@anorris1)

    Hackers use base64/eval to hide their code, so as much as I agree with you it would be good if you could use a method/code that isn’t used by hackers… thus preventing false positive in security plugins etc.

    Of all the plugins used. Nextgen is the only one being flagged….

    I’ve asked WordFence but they just want me to ignore it rather do anything on their part :(. So my only hope is that you can change the code to something that doesn’t result in false positives.

    Plugin Contributor photocrati

    (@photocrati)

    @anorris1 – As I noted, I put it over to our developers to review but we are not doing anything wrong in the code itself … even if “hackers” like to use similar constructs.

    – Cais.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WordFence detected possible malicious code in class.datamapper_driver_base.php’ is closed to new replies.