DreamHost Malware Scanner – detects BPS MScan code patterns as malicious

Home Forums BulletProof Security Pro DreamHost Malware Scanner – detects BPS MScan code patterns as malicious

Tagged: , ,

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • September 8, 2017 at 10:26 am #33946
    AITpro Admin
    Keymaster

    Email Question:

    Hi,

    After upgrade to 13.3 the dreamhost malware scanner send me this:

    “…We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts.

    The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

    /home/xxxxx/xxxxx.com/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php …”

    Also in the mscan page only the calculate scan time star/stop buttons appears not the full mscan option as in the help page.

    September 8, 2017 at 10:29 am #33947
    AITpro Admin
    Keymaster

    The BPS MScan Malware Scanner contains pattern matching code in the mscan-ajax-functions.php file.  The pattern matching code is used to find and match actual malicious code in any/all website files.  Please contact DreamHost support and request that they whitelist or ignore the BPS mscan-ajax-functions.php file.  MScan will not work correctly until DreamHost support has whitelisted or ignored the BPS mscan-ajax-functions.php file.

    September 18, 2017 at 9:40 am #34096
    Konstantinos
    Participant

    Dreamhost whitelist the mscan-ajax-functions.php and mscan works correctly.

    Thanks.

    September 18, 2017 at 10:00 am #34098
    AITpro Admin
    Keymaster

    Great!  DreamHost ROCKS!!!  There are several other web hosts that are not willing to whitelist the mscan-ajax-functions.php file. So we will probably end up storing the MScan pattern matching code (that triggers a false positive match) in the mscan-ajax-functions.php file on our API server and then call that code and copy it to a website temporaily during a scan and delete the pattern matching code on scan completion.

    September 22, 2017 at 9:25 am #34140
    xmginc
    Participant

    Would it be possible to somehow disable mscan-ajax-functions until your next upgrade? Whitelisting is taking time for our site and periodically goes down each time it gets flagged. Thanks so much.

    September 22, 2017 at 10:06 am #34141
    AITpro Admin
    Keymaster

    To disable MScan in a way that BPS and BPS Pro will still work correctly you would need to do these steps in this exact order:

    BPS Pro:
    1. Go to the S-Monitor page and change the MScan Malware Scanner: MSCAN Status option setting to Turn Off Displayed Status.
    2. Edit the /bulletproof-security/bulletproof-security.php file and comment out this line of code with 2 forward slashes //:
    //require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/mscan-ajax-functions.php' );
    3. Delete the /bulletproof-security/includes/mscan-ajax-functions.php file.

    BPS free:
    1. Go to the UI|UX Settings page and change the Turn On|Off The Inpage Status Display option setting to Inpage Status Display Off.
    2. Edit the /bulletproof-security/bulletproof-security.php file and comment out this line of code with 2 forward slashes //:
    //require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/mscan-ajax-functions.php' );
    3. Delete the /bulletproof-security/includes/mscan-ajax-functions.php file.

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.