AutoRestore|Quarantine – files not quarantined


  • #28615
    netvisibilitygroup
    Participant

    Hi:  We had some malicious files get dropped into a web site directory and were alerted to them via Wordfence. We have BPS Pro running with Autoquarantine on, but it did not quarantine the files and did not alert us. We’re hoping you can tell us why and what we have to do to make sure BPS can catch it next time.

    The malicious files were:
    /public_html/wp-check.php
    /public_html/wp-tmp.php
    /public_html/wp-admin/wp-up.php

    which contain eval() and base64 executable code.
    Thank you.

    #28618
    AITpro Admin
    Keymaster

    Is AutoRestore turned On? What is the ARQ Cron Check Frequency option setting set to? You can test to see if ARQ is working correctly by uploading a test file to your website’s /public_html/ folder. If the file is quarantined then ARQ is working correctly. I’m not sure what Wordfence does when it detects files with malicious code in them so maybe Wordfence did something with the files before ARQ could quarantine them? Not really sure if Wordfence does that or not?

    #28621
    netvisibilitygroup
    Participant

    I’m embarrassed to say it was turned off – I thought sure it was on – early morning panic and no coffee yet 😉 No, Wordfence doesn’t actually quarantine anything, it just alerts you, which is why we need BPS!  Thanks and sorry for the confusion…  I’ve got the site rolled back and BPS on full alert!

    #28622
    AITpro Admin
    Keymaster

    Ok thanks for letting me know what happened and yeah I’ve done that a few times before on the aitpro sites.  Maybe adding another ARQ option like:  Automatically turn ARQ On after X minutes would be a good thing to add to the ARQ options so that if someone turns off ARQ and forgets to turn ARQ back on then ARQ will automatically turn itself back on after X minutes. 😉  I believe that would be a pretty easy thing to create so I added that to the Task List for BPS Pro 11.7.

    #28623
    AITpro Admin
    Keymaster

    Oh I see that idea was already added to the Task List, but it has a lot of possible negative impact scenarios so the Task was modified and changed to:  Create an automated email alert notification that ARQ is turned Off on a site.  That lets someone know that ARQ is turned Off on a site and does not cause possible negative impact scenarios.  😉

    #28624
    netvisibilitygroup
    Participant

    Honestly, if it weren’t for Wordfence sending me an email alert that suspicious files were found, it would have gone unnoticed for a while. An email alert option would be great. BPS has saved our butts on occasion and the fact that it catches issues and takes action BEFORE an exploit can occur is what puts it miles ahead of Wordfence, but Wordfence always lets us know when something happened (past tense though!)…
