GOTMLS security scan error
Tagged: GOTMLS
This topic has 11 replies, 3 voices, and was last updated 6 years, 11 months ago by RJD.
Hannah (Participant)
Hi, I just ran a security scan with GOTMLS and it reports that something is wrong in the BPS system info file. I don’t see any entries in the security log file for today. I’m wondering if it is really a problem or not, and if I should allow the plugin to “fix” this file. Thanks for letting me know. Here is what it says is malicious in the file:
[Excessive code posted has been deleted]
AITpro Admin (Keymaster)
There is no malicious code in BPS so you need to contact GOTMLS and find out why GOTMLS is malfunctioning/making this mistake.
AITpro Admin (Keymaster)
I have received several emails about this now and the response below from the GOTMLS plugin author about this malfunction in the GOTMLS plugin is not valid and frankly irresponsible. There is not any code in the BPS plugin system-info.php file that can be exploited. I assume the intention of claiming that some kind of exploit exists in the system-info.php code somehow adds validity to the GOTMLS plugin malfunctioning. If your plugin is malfunctioning then fix your coding mistake. End of story.
Response from the GOTMLS plugin author:
“That bulletproof-security file was a false positive. I don’t know why they have that curl call in there like that but I checked it out pretty good and it looks fairly secure, you would have to be an admin to exploit it”
Hannah (Participant)
I trust BPS and only reported this because I was concerned that there might have been a security breach on my site. I’m sorry it has upset you, and thank you so much for following through with the GOTMLS developer. I have valued the ability to scan my clients’ sites for malware and found him to be a hard-working developer with nothing but the best intentions. **However**, I just checked out BPS Pro and was very impressed not only with the features but the price. I just signed up for the affiliate program and plan to purchase BPS Pro shortly myself. I will trust the automatic malware removal feature so I won’t have to use valuable time scanning sites regularly any longer. I can eliminate at least one other plugin on all my sites and in some cases 2 or more by doing this, another valuable benefit of such an effective security plugin as BPS Pro. The recent uptick in xmlrpc.php attacks is covered even by the free version! You can expect to see a purchase from me by the time the weekend closes, and I’ve already posted about BPS Pro on my website. Thank you so much for the many hours of hard work and expertise that go into both the free and Pro versions of BulletProof Security!
AITpro Admin (Keymaster)
The GOTMLS plugin author’s statement above was sent to me via email by someone else who was very worried about what the GOTMLS plugin author said. I am not upset. Yes. Bad information bothers me in general since I am a stickler for precise and accurate information. So having to explain and correct some bad information that someone else is spreading around is a pain and time consuming. In a way you could say that BPS got double screwed on this one. 1. GOTMLS malfunctioned. 2. Now I have to explain and reassure folks about what the GOTMLS plugin author is saying about his plugin’s malfunction. The appropriate action by the GOTMLS plugin author should not be to cause BPS more problems and instead correct the first problem that GOTMLS created for the BPS plugin. Just irritating that is all. 😉
BPS occasionally blocks something legitimate in another plugin so I figure out what that is and provide the solution. It is very rare when I find out that what BPS is blocking in another plugin is actually really very dangerous and should not be allowed. Probably 1 in 2,000 cases. The point is that the correct way to handle something like this is to stick to facts and just solve the problem and not try to pass blame or do or say anything else that is silly like that.
Hannah (Participant)
I’m sorry you’ve had to defend your excellent plugin, but I have to say that your responses have done much to help me understand better how BPS works and why it’s the best one to use. Thank you for explaining what we can find in the BPS Security log and how to use it to solve situations where BPS might be blocking something legitimate. You are extremely thorough in your work, and that is greatly to be appreciated and admired, especially for the developer of a security plugin!
AITpro Admin (Keymaster)
Thanks for the Kudos! Yeah it is more about wasting time correcting bad information vs defending BPS.
RJD (Participant)
[Topic has been merged into this relevant Topic]
When I scan my site using GOTMLS, the …bulletproof-security/admin/mod-test/.htaccess files shows up as a potential threat. I’m wondering if I should be concerned, or is this is a false positive for some reason. I just reinstalled BPS, ran GOTMLS a moment later, and this appeared…Thanks for any help!
RJD
AITpro Admin (Keymaster)
@ RJD – Copy and paste the contents of the bulletproof-security/admin/mod-test/.htaccess file in your reply and I will tell you if the htaccess code has not been tampered with or not and if GOTMLS is just malfunctioning. Most likely GOTMLS is just malfunctioning. Scanners are only capable of looking for general pattern matches and are not actually capable of telling the difference between good code or malicious code.
RJD (Participant)
# Module Directive Testing
# 1 mod_access_compat Order Directive Allow from all
<FilesMatch "^(mod_access_compat-od-allowed\.png)$">
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from all
</IfModule>
</FilesMatch>
# 2 mod_access_compat Order Directive Deny from all
<FilesMatch "^(mod_access_compat-od-denied\.png)$">
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
# 3 mod_authz_core Require all denied Conditional
<FilesMatch "^(mod_authz_core-denied\.png)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
# 4 mod_authz_core|mod_access_compat Order Directive Denied Conditional
<FilesMatch "^(mod_authz_core-od-cond-denied\.png)$">
<IfModule mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
# 5 mod_authz_host Require ip 127.9.9.1 Conditional
<FilesMatch "^(mod_authz_host-require-ip\.png)$">
<IfModule mod_authz_host.c>
Require ip 127.9.9.1
</IfModule>
</FilesMatch>
# 6 mod_authz_host|mod_access_compat Order Directive Denied Conditional
<FilesMatch "^(mod_authz_host-od-cond-denied\.png)$">
<IfModule mod_authz_host.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
# 7 mod_access_compat: No IfModule Condition Order Directive Allow from all
<FilesMatch "^(mod_access_compat-od-nc-allowed\.png)$">
Order Allow,Deny
Allow from all
</FilesMatch>
# 8 mod_access_compat: No IfModule Condition Order Directive Deny from all
<FilesMatch "^(mod_access_compat-od-nc-denied\.png)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# 9 mod_rewrite: No IfModule Condition
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^.*/mod-test/mod_rewrite-cond\.png$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/wp-content/plugins/bulletproof-security/admin/mod-test/mod_rewrite-nc.png [R=302]
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} ^.*/mod-test/mod_rewrite-cond\.png$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/wp-content/plugins/bulletproof-security/admin/mod-test/mod_rewrite-nc.png [R=302]
# 10 mod_authz_core: No IfModule Condition Require all denied
<FilesMatch "^(mod_authz_core-nc-denied\.png)$">
Require all denied
</FilesMatch>
# 11 mod_authz_host: No IfModule Condition Require host
<FilesMatch "^(mod_authz_host-nc-require-host\.png)$">
Require host example.com
</FilesMatch>
AITpro Admin (Keymaster)
@ RJD – The htaccess file code is fine and has not been altered/tampered with so yep GOTMLS is just malfunctioning. Just ignore this.
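The check the admin does by hand above, comparing the installed file against a known-good copy rather than trusting a scanner's pattern match, can be scripted. The Python below is an added example, not code from BulletProof Security or GOTMLS. It assumes the reference copy is taken from a freshly downloaded archive of the same plugin version; the KNOWN_GOOD excerpt is the first two test blocks of the .htaccess posted in this thread, and the TAMPERED variant is constructed for the demonstration.

```python
# Added example (not BulletProof Security or GOTMLS code): verify a plugin
# file by comparing it to a known-good reference copy instead of relying on
# a signature scanner's pattern match.  The reference is assumed to come
# from a freshly downloaded archive of the same plugin version.
import difflib
import hashlib


def normalize(text):
    """Canonicalise line endings and trailing whitespace so a copy pasted
    from a forum post or edited on Windows compares equal to the original."""
    lines = [line.rstrip() for line in text.replace("\r\n", "\n").split("\n")]
    return "\n".join(lines).strip() + "\n"


def digest(text):
    """SHA-256 of the normalised text: a compact known-good value that can
    be recorded or published without shipping the whole file."""
    return hashlib.sha256(normalize(text).encode("utf-8")).hexdigest()


def verify(installed, reference):
    """Return (unchanged, diff_lines).

    unchanged is True when the installed text matches the reference after
    normalisation; otherwise diff_lines is a unified diff showing exactly
    which directives were added, removed or changed."""
    if digest(installed) == digest(reference):
        return True, []
    diff = difflib.unified_diff(
        normalize(reference).splitlines(),
        normalize(installed).splitlines(),
        fromfile="reference/.htaccess",
        tofile="installed/.htaccess",
        lineterm="",
    )
    return False, list(diff)


def verify_files(installed_path, reference_path):
    """Same check for two files on disk (paths are whatever the caller passes)."""
    with open(installed_path, encoding="utf-8", errors="replace") as inst:
        with open(reference_path, encoding="utf-8", errors="replace") as ref:
            return verify(inst.read(), ref.read())


# Excerpt of bulletproof-security/admin/mod-test/.htaccess as posted in the
# thread (first two test blocks only, to keep the example short).
KNOWN_GOOD = r"""# Module Directive Testing
# 1 mod_access_compat Order Directive Allow from all
<FilesMatch "^(mod_access_compat-od-allowed\.png)$">
<IfModule mod_access_compat.c>
Order Allow,Deny
Allow from all
</IfModule>
</FilesMatch>
# 2 mod_access_compat Order Directive Deny from all
<FilesMatch "^(mod_access_compat-od-denied\.png)$">
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
</IfModule>
</FilesMatch>
"""

# Constructed tampered copy for the demonstration: test block 2 flipped
# from "Deny from all" to "Allow from all".
TAMPERED = KNOWN_GOOD.replace("Deny from all\n</IfModule>",
                              "Allow from all\n</IfModule>")

if __name__ == "__main__":
    ok, _ = verify(KNOWN_GOOD.replace("\n", "\r\n"), KNOWN_GOOD)
    print("CRLF copy of the known-good file verifies:", ok)
    ok, diff = verify(TAMPERED, KNOWN_GOOD)
    print("Tampered copy verifies:", ok)
    print("\n".join(diff))
```

The digest comparison answers the yes/no question ("has this file been altered?") independently of whatever pattern a scanner happened to match, and the unified diff tells you which directive changed when the answer is no, which is the information needed to decide whether a change is a plugin update or something to investigate.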
RJD (Participant)
Many, many thanks for the quick reply!