DreamHost Malware Scanner – detects BPS MScan code patterns as malicious

Home Forums BulletProof Security Pro DreamHost Malware Scanner – detects BPS MScan code patterns as malicious

This topic contains 5 replies, has 3 voices, and was last updated by  AITpro Admin 9 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #33946

    AITpro Admin
    Keymaster

    Email Question:

    Hi,

    After upgrade to 13.3 the dreamhost malware scanner send me this:

    “…We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts.

    The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

    /home/xxxxx/xxxxx.com/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php …”

    Also in the mscan page only the calculate scan time star/stop buttons appears not the full mscan option as in the help page.

    #33947

    AITpro Admin
    Keymaster

    The BPS MScan Malware Scanner contains pattern matching code in the mscan-ajax-functions.php file.  The pattern matching code is used to find and match actual malicious code in any/all website files.  Please contact DreamHost support and request that they whitelist or ignore the BPS mscan-ajax-functions.php file.  MScan will not work correctly until DreamHost support has whitelisted or ignored the BPS mscan-ajax-functions.php file.

    #34096

    Konstantinos
    Participant

    Dreamhost whitelist the mscan-ajax-functions.php and mscan works correctly.

    Thanks.

    #34098

    AITpro Admin
    Keymaster

    Great!  DreamHost ROCKS!!!  There are several other web hosts that are not willing to whitelist the mscan-ajax-functions.php file. So we will probably end up storing the MScan pattern matching code (that triggers a false positive match) in the mscan-ajax-functions.php file on our API server and then call that code and copy it to a website temporaily during a scan and delete the pattern matching code on scan completion.

    #34140

    xmginc
    Participant

    Would it be possible to somehow disable mscan-ajax-functions until your next upgrade? Whitelisting is taking time for our site and periodically goes down each time it gets flagged. Thanks so much.

    #34141

    AITpro Admin
    Keymaster

    To disable MScan in a way that BPS and BPS Pro will still work correctly you would need to do these steps in this exact order:

    BPS Pro:
    1. Go to the S-Monitor page and change the MScan Malware Scanner: MSCAN Status option setting to Turn Off Displayed Status.
    2. Edit the /bulletproof-security/bulletproof-security.php file and comment out this line of code with 2 forward slashes //:
    //require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/mscan-ajax-functions.php' );
    3. Delete the /bulletproof-security/includes/mscan-ajax-functions.php file.

    BPS free:
    1. Go to the UI|UX Settings page and change the Turn On|Off The Inpage Status Display option setting to Inpage Status Display Off.
    2. Edit the /bulletproof-security/bulletproof-security.php file and comment out this line of code with 2 forward slashes //:
    //require_once( WP_PLUGIN_DIR . '/bulletproof-security/includes/mscan-ajax-functions.php' );
    3. Delete the /bulletproof-security/includes/mscan-ajax-functions.php file.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.