Files in Quarantine – what should I do

  • #17525
    simon
    Participant

    Hi, I have some files in the quarantine folder on 2 of my pages I admin – what happened tonight and this morning when I have not done anything on my pages.

    These are the files:
    admin-de_DE.po
    admin-network-de_DE.po
    continents-cities-de_DE.po
    de_DE.po

    Any idea how this happens? Could this be an attack? And can I just restore these files?
    Thanks Simon

    #17527
    AITpro Admin
    Keymaster

    Those file names are standard German language translation file names for the German WordPress language version. The language translation files for WordPress are stored/located in this WordPress folder: /wp-content/languages/.

    Most likely scenarios:  WordPress was updated/upgraded to WordPress 4.0 or the new German WordPress language translation files were manually uploaded/added to the /wp-content/languages/ folder.

    If you do not want AutoRestore/Quarantine to check the /wp-content/languages/ folder then you can create an AutoRestore/Quarantine folder exclude rule for this folder.  See this video tutorial for how to do that:  http://forum.ait-pro.com/video-tutorials/#autorestore-quarantine

    Any time files are sent to Quarantine and you are not sure if they are legitimate files or hacker files you would use the View Files option to view the contents of the file.  If after viewing the contents of the file you are not sure if the contents of the file are legitimate or hacker’s code then you can send those files to info at ait-pro dot com and ask us to check them for you.

    #17573
    Jose
    Participant

    This is a fixed bug that will be resolved in version 4.0.1. It’s not considered urgent by WordPress. You can click on restore files.

    This is the ticket link.
    https://core.trac.wordpress.org/ticket/28949

    #17574
    AITpro Admin
    Keymaster

    @ Jose – Great catch!  I was not aware that language packs were auto-updated by the API.  Just learned something new.

    #27256
    impart
    Participant

    Just today these files were sent to quarantine at my site. At the same time I had a somehow bigger hacking attack, but these files are not mentioned in the security log entries. What can I do now? I don’t know if these files are clean and I can restore them or not. Can you help please? It’s WordPress 4.4
    admin-de_DE.po
    de_DE.po
    admin-de_DE.mo
    de_DE.mo

    #27262
    AITpro Admin
    Keymaster

    You can check the files in Quarantine using the View option.  You can compare the code in the .po and .mo language files in Quarantine to known good language files that you can get from WordPress.  If you do not know how to do any of these things then copy the code in the quarantined files or download them from the /quarantine/ folder and send it/them in an email to:  info at ait-pro dot com and we will let you know if the code is standard code or it has been tampered with.  It is very doubtful that .po and .mo files would be tampered with since they are not .php or .js files.

    #27264
    impart
    Participant

    OK, I downloaded WP 4.4 and did a diff on the files in quarantine; they were good.

    Thanks
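
The comparison against known good language files discussed in this thread, as an added example (not code from any poster or from BulletProof Security). It assumes the quarantined files have been downloaded to one local folder and known good copies of the same .po/.mo files sit in another; both folder paths and the function names are assumptions.

```python
import difflib
import hashlib
import sys
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large .mo files are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_quarantine(quarantine_dir, reference_dir):
    """Return {name: (status, diff_lines)}; status is match, differs or no-reference."""
    results = {}
    for qfile in sorted(Path(quarantine_dir).iterdir()):
        if not qfile.is_file() or qfile.suffix not in (".po", ".mo"):
            continue  # only language files are compared here
        ref = Path(reference_dir) / qfile.name
        if not ref.is_file():
            results[qfile.name] = ("no-reference", [])
        elif sha256_of(qfile) == sha256_of(ref):
            results[qfile.name] = ("match", [])
        else:
            diff = []
            if qfile.suffix == ".po":  # .po is text; .mo is compiled, so hash only
                old = ref.read_text(encoding="utf-8", errors="replace").splitlines()
                new = qfile.read_text(encoding="utf-8", errors="replace").splitlines()
                diff = list(difflib.unified_diff(
                    old, new, "known-good", "quarantine", lineterm=""))
            results[qfile.name] = ("differs", diff)
    return results


if __name__ == "__main__":
    # Usage (hypothetical paths): python compare.py ./quarantine ./known-good
    for name, (status, diff) in compare_quarantine(sys.argv[1], sys.argv[2]).items():
        print(f"{name}: {status}")
        for line in diff:
            print("    " + line)
```

A file reported as "differs" or "no-reference" should stay in Quarantine until its contents have been reviewed.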
