Host asks to check these files – Malware Scanner, False Flags, False Alerts, Whitelist
Tagged: gzbase64.inject.unclassed, tools.php
- This topic has 7 replies, 3 voices, and was last updated 8 years, 6 months ago by Jenny.
Jon (Member)
I am troubleshooting what might be a hack on my forum, so my host has said this:
I run malware detect scanning for the domain access-programmers.co.uk and found 4 hits in the domain and are given below. Please check those files with developer.
================
Malware detect scan report for vps708.urljet.com:
SCAN ID: 011113-0612.29744
TIME: Jan 11 06:12:54 -0600
PATH: /home/xxxxx/public_html/
TOTAL FILES: 3652
TOTAL HITS: 4
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 011113-0612.29744
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security.zip
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security.zip
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/admin/tools/tools.php
===============================================
So, I am checking in with you that those are normal files with your plugin. My site was showing a full page of garbled stuff like this:
��\ms۶��l��? 촲ې%�ʶz'9�mS��
I know that issue is not your plugin since I had the garbled stuff before I installed your plugin, but my host is insisting I check this out as part of the elimination process.
AITpro Admin (Keymaster)
UPDATE:
As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details: http://forum.ait-pro.com/forums/topic/scanner-detects-malicious-code-or-infected-files-in-bps-pro-pro-tools/
BPS Pro has a Base64 Decoder and Encoding tools. This scanner is detecting standard legitimate php functions in BPS Pro. This is a very common thing. Scanners are only capable of looking for general things and cannot really tell the difference between good code and bad code. Please have your Host whitelist BPS Pro files. Thanks.
Jon (Member)
As I expected. Thanks for confirming. In my host's wisdom, they decided (without my say so) to Disable the Bulletproof plugin and turn it back on. Will this have affected anything? i.e. will I need to reset stuff?
AITpro Admin (Keymaster)
Email Question:
hello
we faced a problem with the plugin use to protect our website
this is the result below
From the reports, the mentioned plugin found to be infected. Please deactivate and remove it via your WP-admin control panel.
== malware detect scan report for lead.mysitehosted.com:
SCAN ID: 120313-1048.26752
TIME: Dec 3 10:49:33 -0800
PATH: /home/xxxxx/public_html
TOTAL FILES: 10101
TOTAL HITS: 2
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 120313-1048.26752
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
{HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/blog/wp-content/plugins/bulletproof-security/admin/tools/tools.php
any help would be appreciated.
AITpro Admin (Keymaster)
UPDATE:
As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details: http://forum.ait-pro.com/forums/topic/scanner-detects-malicious-code-or-infected-files-in-bps-pro-pro-tools/
This is a very common thing. Scanners are only capable of looking for general things/code/patterns and cannot really tell the difference between good code and bad code. Please have your Host whitelist BPS Pro files or if they cannot whitelist the tools.php file then you can delete the tools.php file from this BPS Pro plugin folder: /bulletproof-security/admin/tools/tools.php. Thanks.
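Added example, not part of the original posts and not BPS Pro or maldet code: one way to check a hit before asking for a whitelist entry is to parse the FILE HIT LIST and compare each flagged file byte-for-byte with a freshly downloaded, unpacked copy of the plugin. The function names, `clean_root`, and the `/plugins/` path marker are assumptions, and the sample report is constructed in the layout of the reports quoted above.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the layout of the maldet reports quoted in this thread.
SAMPLE_REPORT = """\
SCAN ID: 000000-0000.00000
TOTAL HITS: 2
FILE HIT LIST:
{HEX}gzbase64.inject.unclassed.17 : /home/example/public_html/wp-content/plugins/bulletproof-security.zip
{HEX}gzbase64.inject.unclassed.17 : /home/example/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
"""

# One hit-list entry: "<signature> : <absolute path>"
HIT_RE = re.compile(r"^(\{\w+\}\S+)\s+:\s+(/.*)$")

def parse_hits(report):
    """Return [(signature, path), ...] from the FILE HIT LIST of a report."""
    hits, in_list = [], False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("FILE HIT LIST:"):
            in_list = True
        elif in_list and (m := HIT_RE.match(line)):
            hits.append((m.group(1), m.group(2)))
    return hits

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def triage(hits, clean_root, marker="/plugins/"):
    """Compare each flagged file with the same file under clean_root.

    clean_root (assumption): an unpacked, freshly downloaded plugin copy.
    """
    verdicts = {}
    for _sig, path in hits:
        # Path relative to the plugins directory, e.g. "bulletproof-security/...".
        rel = path.rsplit(marker, 1)[-1] if marker in path else None
        ref = Path(clean_root, rel) if rel else None
        if ref is None or not ref.is_file() or not Path(path).is_file():
            verdicts[path] = "no-reference"        # e.g. a .zip: unpack, then compare
        elif sha256_of(path) == sha256_of(ref):
            verdicts[path] = "matches-clean-copy"  # whitelist candidate
        else:
            verdicts[path] = "differs"             # other version or modified: review
    return verdicts
```

Only files reported as `matches-clean-copy` are candidates for a whitelist request; `differs` and `no-reference` results still need a manual look.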
Jenny (Participant)
[Topic has been merged into this relevant Topic]
Hi,
I have just received a report that these files, included in my latest Backup buddy plugin backup are malware. Can you please tell me whether they are normally included in BPS Pro?
/wp-content/bps-backup/master-backups/May-15-2013–01-26-10–bulletproof-security.zip – {HEX}gzbase64.inject.unclassed.18.UNOFFICIAL
/wp-content/bps-backup/master-backups/bulletproof-security.zip – {HEX}gzbase64.inject.unclassed.18.UNOFFICIAL
I’m trying to work out if this is a false positive or not.
Thanks
Jenny S
AITpro Admin (Keymaster)
@ Jenny – Nothing to worry about and Yes it is a false positive. The backups are dated to 2013 and a long time ago the Base64 decoder Pro-Tools that came with BPS Pro would trigger false positives. The BPS Pro Base64 Decoder Pro-Tools are no longer included in current versions of BPS Pro for exactly that reason. I think those Base64 Decoder Pro-Tools were removed a year or 2 ago.
Jenny (Participant)
Hi and thank you, @AITpro Admin keymaster.
In case anyone else has this problem, the steps I took were to go to the BPS pro tools page (in website dashboard) and click delete for both online and offline base64 decoders. After further advice from BPS support (thanks) I have also deleted the specific zipped files mentioned in my post above, via ftp. I am hopeful that I will no longer get malware alerts from my backup plugin!
I am extremely grateful for the excellent support from AIT pro admin. Cheers Jenny