My website was hacked – gzbase64 tools.php

    Young Master

    This morning while I was logging into my website account I found out there was an empty folder in the root directory of my website. Then later I received an e-mail from website informing me that there were code injections as shown below.


    {HEX}gzbase64.inject.unclassed.17 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php
    {HEX}gzbase64.inject.unclassed.14 : /home/xxxxx/public_html/wp-content/plugins/bulletproof-security/admin/tools/tools.php

    How is this possible if my website is protected by BPS?

    AITpro Admin

    As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details:

    Not sure about the empty folder.  I assume your Host did this for some reason.  The File Hit List is your Server’s scanner seeing the BulletProof Security Pro tools.php legitimate file and code as malicious.  It is not malicious of course so you need to contact your Host and have them whitelist the bulletproof security plugin folder or just the tools.php file.

    Some Web Hosts will do a range of things from quarantining to deleting the Pro-Tools Base64 Decoder – tools.php file.  Most scanners are only capable of looking for very general things and cannot really tell the difference between good code or bad code.  In this case the Scanner is seeing standard PHP functions that are not used maliciously or have a malicious purpose.  That is one of the reasons I do not bother with scanners.  Eventually I will add a Scanner to BPS Pro, but it will have the disclaimer that false alarms/false flags are a standard occurrence with any scanner.
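
Added example (not part of the original thread, and not code from BPS Pro or from the host's scanner): a sketch of why a signature keyed on function names alone flags a legitimate decoder tool, next to a narrower heuristic that looks for `eval` wrapped around a long embedded literal. Both PHP samples, the function list and the 60-character threshold are constructed assumptions for illustration.

```python
import re

# Functions a generic "gzbase64"-style signature keys on (assumed list).
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"

# Any call to a decoder function: what a simple pattern scanner matches.
NAIVE = re.compile(DECODERS + r"\s*\(")

# eval/assert wrapped around decoder call(s) fed a long embedded string literal.
EMBEDDED = re.compile(
    r"(?:eval|assert)\s*\(\s*(?:" + DECODERS
    + r"\s*\(\s*)+['\"][A-Za-z0-9+/=]{60,}['\"]"
)


def triage(php_source):
    """Return (naive_hit, embedded_payload_hit) for one PHP source string."""
    return bool(NAIVE.search(php_source)), bool(EMBEDDED.search(php_source))


# Constructed sample: a decoder form that decodes what the admin pastes in
# and only displays the result. This is not the plugin's actual tools.php.
TOOL_SAMPLE = """<?php
if (isset($_POST['encoded'])) {
    $decoded = gzinflate(base64_decode($_POST['encoded']));
    echo htmlspecialchars($decoded);
}
"""

# Constructed sample: the packed-payload shape, with a placeholder blob.
INJECT_SAMPLE = "<?php eval(gzinflate(base64_decode('" + "QUJD" * 20 + "'))); ?>"

if __name__ == "__main__":
    for name, src in (("tool", TOOL_SAMPLE), ("inject", INJECT_SAMPLE)):
        naive, embedded = triage(src)
        print(f"{name}: naive_match={naive} embedded_payload={embedded}")
```

The naive pattern hits both samples; the narrower one hits only the packed payload. A heuristic pass is not proof that a file is clean, so a flagged plugin file is still best compared against a fresh copy from the vendor.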

    Young Master

    Well understood. About that folder I think I know where it's coming from. In my account today I found out a subdomain created with a domain which is not mine ie: my domain is but the subdomain created was now am trying to delete that subdomain but it cannot be deleted because it doesn't exist for the user xxxx. I checked for ftp user accounts but there was only my ftp account.
