GOTMLS security scan error


This topic contains 11 replies, has 3 voices, and was last updated by  Dina Tate 1 year, 11 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • #25561

    Hannah
    Participant

    Hi, I just ran a security scan with GOTMLS and it reports that something is wrong in the BPS system info file. I don’t see any entries in the security log file for today. I’m wondering if it is really a problem or not, and if I should allow the plugin to “fix” this file. Thanks for letting me know. Here is what it says is malicious in the file:

    [Excessive code posted has been deleted]

    #25567

    AITpro Admin
    Keymaster

    There is no malicious code in BPS so you need to contact GOTMLS and find out why GOTMLS is malfunctioning/making this mistake.

    #25641

    AITpro Admin
    Keymaster

    I have received several emails about this now and the response below from the GOTMLS plugin author about this malfunction in the GOTMLS plugin is not valid and frankly irresponsible. There is not any code in BPS plugin system-info.php file that can be exploited. I assume the intention of claiming that some kind of exploit exists in the system-info.php code somehow adds validity to the GOTMLS plugin malfunctioning. If your plugin is malfunctioning then fix your coding mistake. End of story.

    Response from the GOTMLS plugin author:
    “That bulletproof-security file was a false positive. I don’t know why they have that curl call in there like that but I checked it out pretty good and it look fairly secure, you would have to be an admin to exploit it”

    #25642

    Hannah
    Participant

    I trust BPS and only reported this because I was concerned that there might have been a security breach on my site. I’m sorry it has upset you, and thank you so much for following through with the GOTMLS developer. I have valued the ability to scan my clients’ sites for malware and found him to be a hard-working developer with nothing but the best intentions. **However**, I just checked out BPS Pro and was very impressed not only with the features but the price. I just signed up for the affiliate program and plan to purchase BPS Pro shortly myself. I will trust the automatic malware removal feature so I won’t have to use valuable time scanning sites regularly any longer. I can eliminate at least one other plugin on all my sites and in some cases 2 or more by doing this, another valuable benefit of such an effective security plugin as BPS Pro. The recent uptick in xmlrpc.php attacks is covered even by the free version! You can expect to see a purchase from me by the time the weekend closes, and I’ve already posted about BPS Pro on my website. Thank you so much for the many hours of hard work and expertise that go into both the free and Pro versions of BulletProof Security!

    #25644

    AITpro Admin
    Keymaster

    The GOTMLS plugin author’s statement above was sent to me via email by someone else who was very worried about what the GOTMLS plugin author said.  I am not upset.  Yes.  Bad information bothers me in general since I am a stickler for precise and accurate information.  So having to explain and correct some bad information that someone else is spreading around is a pain and time consuming.  In a way you could say that BPS got double screwed on this one.  1.  GOTMLS malfunctioned.  2.  Now I have to explain and reassure folks about what the GOTMLS plugin author is saying about his plugin’s malfunction.  The appropriate action by the GOTMLS plugin author should not be to cause BPS more problems and instead correct the first problem that GOTMLS created for the BPS plugin.  Just irritating that is all.  😉

    BPS occasionally blocks something legitimate in another plugin so I figure out what that is and provide the solution. It is very rare when I find out that what BPS is blocking in another plugin is actually really very dangerous and should not be allowed. Probably 1 in 2,000 cases. The point is that the correct way to handle something like this is to stick to facts and just solve the problem and not try to pass blame or do or say anything else that is silly like that.

    #25649

    Hannah
    Participant

    I’m sorry you’ve had to defend your excellent plugin, but I have to say that your responses have done much to help me understand better how BPS works and why it’s the best one to use. Thank you for explaining what we can find in the BPS Security log and how to use it to solve situations where BPS might be blocking something legitimate. You are extremely thorough in your work, and that is greatly to be appreciated and admired, especially for the developer of a security plugin!

    #25650

    AITpro Admin
    Keymaster

    Thanks for the Kudos!  Yeah it is more about wasting time correcting bad information vs defending BPS.

    #30132

    RJD
    Participant

    [Topic has been merged into this relevant Topic]
    When I scan my site using GOTMLS, the …bulletproof-security/admin/mod-test/.htaccess file shows up as a potential threat. I’m wondering if I should be concerned, or if this is a false positive for some reason. I just reinstalled BPS, ran GOTMLS a moment later, and this appeared…

    Thanks for any help!

    RJD

    #30135

    AITpro Admin
    Keymaster

    @ RJD – Copy and paste the contents of the bulletproof-security/admin/mod-test/.htaccess file in your reply and I will tell you whether the htaccess code has been tampered with or not and if GOTMLS is just malfunctioning. Most likely GOTMLS is just malfunctioning. Scanners are only capable of looking for general pattern matches and are not actually capable of telling the difference between good code or malicious code.

    #30136

    RJD
    Participant

    # Module Directive Testing
    
    # 1 mod_access_compat Order Directive Allow from all
    <FilesMatch "^(mod_access_compat-od-allowed\.png)$">
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Allow from all
    </IfModule>
    </FilesMatch>
    
    # 2 mod_access_compat Order Directive Deny from all
    <FilesMatch "^(mod_access_compat-od-denied\.png)$">
    <IfModule mod_access_compat.c>
    Order Allow,Deny
    Deny from all
    </IfModule>
    </FilesMatch>
    
    # 3 mod_authz_core Require all denied Conditional
    <FilesMatch "^(mod_authz_core-denied\.png)$">
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    </FilesMatch>
    
    # 4 mod_authz_core|mod_access_compat Order Directive Denied Conditional
    <FilesMatch "^(mod_authz_core-od-cond-denied\.png)$">
    <IfModule mod_authz_core.c>
    Order Allow,Deny
    Deny from all
    </IfModule>
    </FilesMatch>
    
    # 5 mod_authz_host Require ip 127.9.9.1 Conditional
    <FilesMatch "^(mod_authz_host-require-ip\.png)$">
    <IfModule mod_authz_host.c>
    Require ip 127.9.9.1
    </IfModule>
    </FilesMatch>
    
    # 6 mod_authz_host|mod_access_compat Order Directive Denied Conditional
    <FilesMatch "^(mod_authz_host-od-cond-denied\.png)$">
    <IfModule mod_authz_host.c>
    Order Allow,Deny
    Deny from all
    </IfModule>
    </FilesMatch>
    
    # 7 mod_access_compat: No IfModule Condition Order Directive Allow from all
    <FilesMatch "^(mod_access_compat-od-nc-allowed\.png)$">
    Order Allow,Deny
    Allow from all
    </FilesMatch>
    
    # 8 mod_access_compat: No IfModule Condition Order Directive Deny from all
    <FilesMatch "^(mod_access_compat-od-nc-denied\.png)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
    
    # 9 mod_rewrite: No IfModule Condition
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} ^.*/mod-test/mod_rewrite-cond\.png$ [NC]
    RewriteRule ^(.*)$ http://%{HTTP_HOST}/wp-content/plugins/bulletproof-security/admin/mod-test/mod_rewrite-nc.png [R=302]
    RewriteCond %{HTTPS} =on
    RewriteCond %{REQUEST_URI} ^.*/mod-test/mod_rewrite-cond\.png$ [NC]
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/wp-content/plugins/bulletproof-security/admin/mod-test/mod_rewrite-nc.png [R=302]
    
    # 10 mod_authz_core: No IfModule Condition Require all denied
    <FilesMatch "^(mod_authz_core-nc-denied\.png)$">
    Require all denied
    </FilesMatch>
    
    # 11 mod_authz_host: No IfModule Condition Require host
    <FilesMatch "^(mod_authz_host-nc-require-host\.png)$">
    Require host example.com
    </FilesMatch>
    
    
    #30137

    AITpro Admin
    Keymaster

    @ RJD – The htaccess file code is fine and has not been altered/tampered with so yep GOTMLS is just malfunctioning.  Just ignore this.
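
The check carried out by hand in this exchange (a scanner flags a file, then the file is compared with the known-good version) can be scripted. The following is an added example, not code from BPS, GOTMLS or any poster in this thread: the signature is a hypothetical stand-in for whatever pattern a scanner might match, and the sample texts are constructed from test #9 of the posted file.

```python
import difflib
import hashlib
import re

# Hypothetical signature, NOT GOTMLS's real rule: a RewriteRule that redirects
# to an absolute URL. Signature scanners match on patterns of this kind.
HYPOTHETICAL_SIG = re.compile(
    r"^\s*RewriteRule\s+\S+\s+https?://\S+\s+\[R=30[12]\]", re.M)

# Constructed sample: test #9 from the posted file, standing in for the copy
# taken from a freshly downloaded plugin package.
REFERENCE = r"""# 9 mod_rewrite: No IfModule Condition
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^.*/mod-test/mod_rewrite-cond\.png$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/wp-content/plugins/bulletproof-security/admin/mod-test/mod_rewrite-nc.png [R=302]
"""
# Constructed "installed" copy: same rules with forum indentation and CRLF.
INSTALLED = "".join("    " + ln + "\r\n" for ln in REFERENCE.splitlines())
# Constructed altered copy: the redirect target no longer matches the reference.
MODIFIED = REFERENCE.replace("%{HTTP_HOST}", "other.example")


def normalize(text):
    """Drop indentation, line-ending differences and blank lines."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def sha256_of(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def triage(installed, reference):
    """Report signature hits, then decide on integrity rather than on the hit."""
    hits = [m.group(0).strip() for m in HYPOTHETICAL_SIG.finditer(installed)]
    ref, cur = normalize(reference), normalize(installed)
    changed = [d for d in difflib.ndiff(ref, cur) if d.startswith(("- ", "+ "))]
    if sha256_of(ref) != sha256_of(cur):
        verdict = "investigate"        # file differs from the known-good copy
    elif hits:
        verdict = "false positive"     # flagged, but identical to known-good
    else:
        verdict = "clean"
    return {"verdict": verdict, "hits": hits, "changed": changed,
            "sha256": sha256_of(cur)}


if __name__ == "__main__":
    for name, text in (("installed", INSTALLED), ("modified", MODIFIED)):
        print(name, triage(text, REFERENCE))
```

Both copies trigger the signature; only the comparison against the reference separates the unmodified file from the altered one.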

    #30138

    RJD
    Participant

    Many, many thanks for the quick reply!
