MScan – version.php

Home Forums BulletProof Security Pro MScan – version.php

  • This topic has 3 replies, 2 voices, and was last updated 2 years ago by Jan.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #41659
    Jan
    Participant

    After performing a scan, the results show a warning for the version.php file. But there is no change inside this file.

    Any idea why the scan is reporting this as it is a core WordPress file?

    https://drive.google.com/file/d/1D1umsJZ3X98lpOrriiMHGe_-8xQu0lw5/view?usp=sharing

    #41661
    AITpro Admin
    Keymaster

    Most likely this is a file format Windows (CR LF) vs Linux (LF) issue.  All WP Core files should be Linux (LF) format.  To confirm or eliminate that, download the version.php file and open it with the Notepad++ app > https://notepad-plus-plus.org/downloads/.  At the bottom right of the Notepad++ app window you will see either Windows (CR LF) or Linux (LF) format

    https://forum.ait-pro.com/forums/topic/mscan-troubleshooting-questions-problems-and-code-posting/

    Known Issue|Problem: File Hashes do not match due to differences in file format: Windows (CR LF) vs Linux (LF)
    Update: BPS Pro 16.3 and BPS 5.8 automatically convert Windows default Themes from CR LF to LF format.
    This issue/problem typically only happens on Local Dev servers like XAMPP. Problem scenario:  All WP Core, Plugin and Theme files should be using Linux (LF) format.  On XAMPP during the file hash creation stage in MScan some files have the Windows (CR LF) format, which means the file size is slightly different and the file hash that is created will not match the file hash for the actual Live file. The result is MScan will detect that the file has been altered or tampered with and display “File Hash: Altered or unknown Theme file” for that file.  Example Scenario: When you update Themes older files will not be replaced for that Theme and only files that have been changed are replaced. The original Theme file has the Linux (LF) format, but the new Theme file in the Theme zip file has the Windows (CR LF) format.  The file hash that is created is for that Theme file will not match the file hash for the existing Theme file. The end result is a false positive since the file is seen as altered or not matching the file hash for that Theme file.

    #41665
    AITpro Admin
    Keymaster

    Just in case this was an issue/problem in BPS Pro I ran several tests and the version.php file is not being detected as suspicious.  So yeah the problem is isolated to your website/server.

    #41670
    Jan
    Participant

    Thank you for your feedback on this!

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.