MScan – Troubleshooting, questions, problems and code posting

Home Forums BulletProof Security Pro MScan – Troubleshooting, questions, problems and code posting

This topic contains 26 replies, has 7 voices, and was last updated by  AITpro Admin 2 weeks ago.

Viewing 12 posts - 16 through 27 (of 27 total)
  • Author
  • #34157

    Tina Dubinsky

    Hi, The weird thing is my host hasn’t disabled any files. The rest of BPS Pro works as per usual. I’ve run into a few other issues with them of late (old php and sql versions that wordpress doesn’t work so well on), so I’ll most likely migrate away in the next few months.





    Altered or unknown WP Core file

     * The WordPress version string
     * @global string $wp_version
    $wp_version = '4.9.4';
     * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
     * @global int $wp_db_version
    $wp_db_version = 38590;
     * Holds the TinyMCE version
     * @global string $tinymce_version
    $tinymce_version = '4607-20180123';
     * Holds the required PHP version
     * @global string $required_php_version
    $required_php_version = '5.2.4';
     * Holds the required MySQL version
     * @global string $required_mysql_version
    $required_mysql_version = '5.0';
    $wp_local_package = 'en_GB';
     if (empty($name) && !is_numeric($name)) {
                return 'The cookie name must not be empty';
            // Check if any of the invalid characters are present in the cookie name
            if (preg_match(
            ) {
                return 'Cookie name must not contain invalid characters: ASCII '
                    . 'Control characters (0-31;127), space, tab and the '
                    . 'following characters: ()<>@,;:\"/?={}';
            // Value must not be empty, but can be 0
            $value = $this->getValue();
            if (empty($value) && !is_numeric($value)) {
                return 'The cookie value must not be empty';
        $created = 0;
        if (isset($this->token['created'])) {
          $created = $this->token['created'];
        } elseif (isset($this->token['id_token'])) {
          // check the ID token for "iat"
          // signature verification is not required here, as we are just
          // using this for convenience to save a round trip request
          // to the Google API server
          $idToken = $this->token['id_token'];
          if (substr_count($idToken, '.') == 2) {
            $parts = explode('.', $idToken);
            $payload = json_decode(base64_decode($parts[1]), true);
            if ($payload && isset($payload['iat'])) {
              $created = $payload['iat'];

    last two and several others from a plugin called wp-mail-smtp


    AITpro Admin

    @ Paul – You can ignore all of these they are false alerts.  Select the Ignore File checkbox and click the Submit button.


    Tony Payne

    I ran MSCAN for the first time today and I have a MAJOR problem!

    I ran the scan time test, it said about 90 seconds.  Ran the test, it was running ok, then this displayed:
    Error establishing a database connection
    This either means that the username and password information in your wp-config.php file is incorrect or we can’t contact the database server at localhost. This could mean your host’s database server is down.

    • Are you sure you have the correct username and password?
    • Are you sure that you have typed the correct hostname?
    • Are you sure that the database server is running?

    If you’re unsure what these terms mean you should probably contact your host. If you still need help you can always visit the WordPress Support Forums.

    The odd thing is that it has taken down all 3 of my hosted WordPress sites:

    with the same database connection problem. All 3 are on the same hosted account, very low traffic, and not part of a multi-site WordPress installation.

    The databases are all accessible via PHP-MyAdmin so intact, and the wp-config.php files appear to be unchanged.
    Any ideas as to what might have happened and how to resolve this please as all 3 sites are currently down?
    NOTE: I have also raised a ticket with the host (X10-Infinity) in case it’s something they might have done and not BPS Pro.


    Tony Payne

    Forget my previous post, X10-Infinity confirmed that some limiting of the account had taken place due to excess activity, I assume related to running the scan.   Seems all is now ok on all 3 sites.


    AITpro Admin

    @ Tony Payne – Some web hosts automatically kill the server/website if resources exceed the limitation imposed by the host.  That typically happens on VPS and Dedicated servers.  Shared hosting is designed with flexible buffers since resource usage will fluctuate drastically when there are many accounts/websites hosted on one server.



    Hope i’m posting in the correct section.

    Hi, my site was hacked prior to installing BPS Pro and I was able to delete all files and do a fresh reinstall.  But a whole bunch of my files have gone into quarantine.  I ran the scanner and here’s a sampling.  There are 64 files.

    I’m confused as to what to do.
    [the data has been deleted since it is unreadable]


    AITpro Admin

    I assume you were manually editing/installing/uploading files on your website and the files were quarantined?  See the AutoRestore|Quarantine Guide forum topic > Help section > AutoRestore|Quarantine Manual File Editing/Uploading Procedural Steps >  If that is not the answer you are looking for then please explain in exact details what you were doing when the files were quarantined.

    The MScan table data was deleted from your forum reply above because it was unreadable.  The general idea is that MScan will detect possible malicious code pattern matches and then you would need to select the View File Form checkbox option to view the code in the file to check it.  That is not going to do you any good if you do not know what you are looking at is good/bad/safe/malicious code.  😉  If you would like for me to login to your website and check the MScan form results then send a WordPress Administrator login for your website to:  info at ait-pro dot com.



    Thank you for the reply.  Yes, I install a new theme this morning.  Just worried as I don’t know what I’m looking for.  I will send you the login.  Thanks so much!  🙂


    AITpro Admin

    Did you install the Theme by using the WordPress Theme installer on the WordPress Themes page or did you manually upload the Theme folder to your website?



    Sent you an email..but it was through wordpress installer.


    AITpro Admin

    MScan has found multiple hacker files in several of your plugin folders.

    What you need to do is make a list of all of your plugins (you can use the BPS System Info > Get Plugins List button) and then delete all of the plugin folders in the WordPress /plugins/ folder and then reinstall all of your plugins again. By manually deleting the plugin folders you will not lose all of your plugin’s database option settings.

    The hacker files are in several plugin folders and have names like these below.
    It is better to completely delete all of your plugin folders under the /plugins/ folder instead of using the Delete feature in MScan since there may be more files in the plugin folders that MScan is not detecting because they do not contain any obvious hacker code.


    Hopefully the hack is contained to only the /plugins/ folder, but you may want to consider the worst case scenario that your entire hosting account is still hacked.

Viewing 12 posts - 16 through 27 (of 27 total)

You must be logged in to reply to this topic.