Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi @devsc2768

    I’m the author of Freesoul Deactivate Plugins. Other users also reported the same issue. I suggest you update FDP to the latest version 1.9.5.6 and also follow this thread: https://www.ads-software.com/support/topic/false-positive-malware-2/

    I kindly ask the authors of Anti-Malware Security and Brute Force-Firewall which part of the code triggers that warning. If it was caused by $_SERVER['HTTP_HOST'], then this is solved in version 1.9.5.6.

    Best regards

    Jose

    Plugin Author Eli

    (@scheeeli)

    Thanks for bringing this plugin to my attention. The malware definition in question was designed to find fake or rogue plugins that try to hide themselves from admin users so that the admins don’t even realize they have this plugin installed on their site.

    I have reviewed the code in this freesoul-deactivate-plugins plugin and determined that they do in fact have this code to hide their plugin from the wp-admin Plugins menu, but only under certain conditions where the settings have determined that the current user should not know that this plugin is installed. This is dubious IMHO, and I do not understand why the developers didn’t feel that they could rely on the normal WP User Capabilities to restrict access to their plugin. However, I cannot assert that this feature was designed to be malicious and it does not appear to hide itself from admin users (unless you select those admin users specifically). Therefore I have decided to whitelist this particular usage in this plugin.

    Could you please download the latest definition update (version N5V4L or higher) and run the complete scan again to confirm that this plugin is no longer identified as a Known Threat?

    Plugin Author Eli

    (@scheeeli)

    Hi Jose (@giuse),

    I was composing my reply and doing a little research on your plugin so I did not see your response until after my own reply.

    I have whitelisted your usage of this function so there is no further need to change your code, but here is what my plugin was previously identifying as malicious:

    add_filter( 'all_plugins','eos_dp_plugins_in_list' );
    //Remove plugins from plugins table in the page wp-admin/plugins.php according to the FDP Settings
    function eos_dp_plugins_in_list( $plugins ){
        $fdp_caps = eos_dp_user_capabilities();
        if( $fdp_caps && is_array( $fdp_caps ) && in_array( 'see_plugin',$fdp_caps ) && !$fdp_caps['see_plugin'] ){
            if( in_array( EOS_DP_PLUGIN_BASE_NAME,array_keys( $plugins ) ) ){
                unset( $plugins[EOS_DP_PLUGIN_BASE_NAME] );
            }
            if( in_array( EOS_DP_PRO_PLUGIN_BASE_NAME,array_keys( $plugins ) ) ){
                unset( $plugins[EOS_DP_PRO_PLUGIN_BASE_NAME] );
            }
        }
        return $plugins;
    }

    I am curious as to why you felt the need to hide your plugin from the plugin list and did not feel you could rely on the standard WP User Capabilities to protect your plugin, and why would you allow admins to hide your plugin from other admins?
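
The pattern discussed in the post above, a callback on the all_plugins filter that unsets entries from the plugin list, can be checked for statically. The following is an added example, not code from either plugin or from any participant in this thread: a simplified Python heuristic with an allowlist, where the names find_plugin_hiding and callback_body, the benign sample and the allowlist keyed on callback name are assumptions made for illustration.

```python
import re

# Constructed input: the callback quoted in the post above, as PHP source text.
FLAGGED = r"""
add_filter( 'all_plugins','eos_dp_plugins_in_list' );
function eos_dp_plugins_in_list( $plugins ){
    $fdp_caps = eos_dp_user_capabilities();
    if( $fdp_caps && is_array( $fdp_caps ) && in_array( 'see_plugin',$fdp_caps ) && !$fdp_caps['see_plugin'] ){
        if( in_array( EOS_DP_PLUGIN_BASE_NAME,array_keys( $plugins ) ) ){
            unset( $plugins[EOS_DP_PLUGIN_BASE_NAME] );
        }
        if( in_array( EOS_DP_PRO_PLUGIN_BASE_NAME,array_keys( $plugins ) ) ){
            unset( $plugins[EOS_DP_PRO_PLUGIN_BASE_NAME] );
        }
    }
    return $plugins;
}
"""
# Constructed benign input: hooks the same filter but removes nothing.
BENIGN = r"""
add_filter( 'all_plugins', 'example_sort_plugins' );
function example_sort_plugins( $plugins ){ ksort( $plugins ); return $plugins; }
"""

HOOK = re.compile(r"add_filter\(\s*['\"]all_plugins['\"]\s*,\s*['\"](\w+)['\"]")

def callback_body(src, name):
    """Return (first parameter, brace-balanced body) of PHP function `name`."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\(\s*(\$\w+)[^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # naive: ignores braces inside strings/comments
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return m.group(1), src[m.end():i - 1]

def find_plugin_hiding(src, allowlist=()):
    """List (callback, removed keys) for all_plugins callbacks that unset entries."""
    findings = []
    for cb in HOOK.findall(src):
        parsed = callback_body(src, cb)
        if parsed is None or cb in allowlist:
            continue
        param, body = parsed
        removed = re.findall(r"unset\(\s*" + re.escape(param) + r"\[\s*([^\]]+?)\s*\]\s*\)", body)
        if removed:
            findings.append((cb, removed))
    return findings
```

A hit only means the plugin list is being filtered and needs review, as the thread shows; an allowlist used in practice should identify the reviewed file or plugin rather than a callback name, which any other plugin could reuse.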

    Hi @scheeeli

    thank you very much for the clarification.

    The main administrator can hide the setting pages, and also totally hide the plugin for other users.

    You can see here more details: https://freesoul-deactivate-plugins.com/how-deactivate-plugiins-on-specific-pages/roles-manager/

    This functionality doesn’t rely on the standard WP User Capability, but on the settings decided by the main administrator because it’s the main administrator who decides who can see the plugin.

    My plugin can selectively disable other plugins on specific pages. This is powerful for performance especially when you have many heavy plugins, but can also be very dangerous if it’s not done properly. This is why some main administrators may prefer other admins don’t touch anything related to my plugin and the responsibility of the cleanup is left only to the main administrator. The main administrator will always see everything.

    Best regards

    Jose

    Plugin Author Eli

    (@scheeeli)

    Thanks for the detailed explanation. I can understand why you have added that extra layer of security. My job is to find plugins with exploitable security holes or any code that can be used in a malicious way by unprivileged users. I have already decided that your code meets neither of those criteria so you’re all good in my book.

    Thread Starter devsc2768

    (@devsc2768)

    Can I just say thank you very much to both Eli and Jose for your fantastic plugins and outstanding service to the WordPress communities. Your professionalism and clear explanations are very much appreciated.

    Thank you Eli @devsc2768, and thanks to you @devsc2768 for discovering this issue.

    Have a great day!

    Jose

    Hello,

    I also want to thank both of you for such a detailed discussion.

    We can see in answers like these, what kind of excellent professionals are behind each plugin.

    Greetings and thanks for both plugins!

  • The topic ‘Possible False positive – Freesoul Deactivate Plugins’ is closed to new replies.