Quarantine file keeps returning


    Hi, since installing BulletProof Pro a file keeps getting added to the root of my site called sess_a69868ba6473eb3e530625f522d19d09. I removed it and changed all the passwords but it keeps returning. Is this a BulletProof file? It keeps getting added to the quarantine log every 20 minutes. How do I find out where it is coming from? I’ve scanned all my files and I can’t see any hacking code.

    >>>>>>>>>>> Root File AutoRestore Logged – March 5, 2013 – 4:43 pm <<<<<<<<<<<
    Quarantined File: sess_a69868ba6473eb3e530625f522d19d09
    Quarantine Folder: /home/beesoninc/beesoninc.com/wp-content/bps-backup/quarantine/
    AutoRestored File: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
    Quarantined From/Restore Path: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
    AITpro Admin

    No, this file is not added/created by BPS Pro.  Sess_ is most likely short for Session so do you have any plugins installed that do anything with Session?  I Googled this and did not find an exact answer, but it could be related to a Cron firing every 20 minutes.  The next time another 1 of these files is sent to Quarantine use the View File Option to view the contents of the file.  Most likely it will be blank.


    AITpro Admin

    It could be that there is something incorrectly configured in your Server’s php.ini file or a custom php.ini file.


    AITpro Admin

    Your web host is DreamHost and I did not see any specific information about Session files being created.  I think this Stackoverflow post is also relevant to the issue/problem.  Are you seeing any php errors in your php error log?


    AITpro Admin

    If it turns out that the file is legit and safe then you can exclude it from being checked by AutoRestore by using the Exclude Folders & Files: tool and choose Exclude an Individual File.  Before you do this though you need to make sure this file is legit.  It sounds like something on your website is updating this session file with session information.  Then when that information is added/changed in that file the file is being autorestored.  This is something I have never heard of or seen before so do not exclude it until you find out exactly what it is.


    There are no errors in my php error log. I can’t add it to the Exclude an Individual File because the name changes went from sess_a69868ba6473eb3e530625f522d19d09 to sess_6870c3e837dbc7452534adbad196041f to sess_d238bfb25379ca115d05c747e0d633a1




    The file contains one letter V, sometimes it is multiple VVVVVVVVV’s, but that’s it.

    AITpro Admin

    Before I can advise you on what to do to exclude/ignore this Session file I need to know if this file is “safe” or not.  Please send me a copy of one of the session files to info at ait-pro dot com.  Have you found out what is creating these session files?  Thanks.


    Since deleting the WP Maintenance plugin I haven’t had a repeat session added yet. I’ll send you one if I get another one.


    The WP Maintenance plugin was deactivated BTW but I’ve removed it now and so far so good.

    AITpro Admin

    Great!  Is the plugin the WP Maintenance Mode plugin?  I will install and test it to find out what it is doing exactly. Thanks


    Yes, that’s the one.


    Plugins installed and active are:
    Akismet – Version 2.5.7
    BulletProof Security Pro – Version 5.6.1
    Contact Form 7 – Version 3.3.3
    Display widgets – Version 1.24
    Garee’s Twitter Stream – Version 1.0
    Really Simple CAPTCHA – Version 1.5
    Smart WYSIWYG Blocks Of Content – Version 0.6
    Widget Logic – Version 0.56
    WordPress SEO – Version 1.4.2
    WP-RSSImport – Version 4.4.12

    AITpro Admin

    I am not familiar with a few of these plugins, but none of them seem capable or likely of creating that UNIX encrypted session file.  I thought of another possibility – Do you use SSH to connect to your website?   This file could have something to do with an SSH Session input stream.  Please contact your Web Host and see if they know what this file is and what is creating it.  Thanks.


    I use SFTP to upload files, I don’t use SSH though. I’ll ask DreamHost.
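
The php.ini possibility raised earlier in the thread can be checked directly. The sketch below is an added example, not part of the original posts and not BulletProof Security code: it reads `session.save_path` from php.ini text and reports whether that directory falls inside the web root, alongside any files in the root named like PHP session files. The sample php.ini, the document root and the `sess_notes.txt` entry are constructed, and resolving a relative path against the script's working directory is an assumption.

```python
import posixpath
import re

# PHP's file session handler names each file "sess_" + session id.
SESS_NAME = re.compile(r"^sess_[0-9A-Za-z,-]+$")

def parse_save_path(ini_text):
    """Directory from the last active session.save_path line, or None if unset."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment line or not a key=value setting
        key, _, val = line.partition("=")
        if key.strip().lower() != "session.save_path":
            continue
        val = val.strip()
        if val[:1] in ('"', "'"):
            val = val[1:].split(val[0], 1)[0]   # text inside the quotes
        else:
            val = val.split(";", 1)[0].strip()  # unquoted: ';' starts a comment
        value = val
    if not value:
        return None
    return value.split(";")[-1]  # "N;/path" or "N;MODE;/path": directory is last

def inside_docroot(save_path, docroot, cwd):
    """True if save_path (relative paths resolved against cwd) lies under docroot."""
    if save_path is None:
        return False  # unset: PHP falls back to the system temp directory
    resolved = posixpath.normpath(posixpath.join(cwd, save_path))
    root = posixpath.normpath(docroot)
    return posixpath.commonpath([resolved, root]) == root

def audit(ini_text, docroot, cwd, listing):
    """Summarise the configured save path and session-like files in the web root."""
    path = parse_save_path(ini_text)
    return {
        "save_path": path,
        "inside_docroot": inside_docroot(path, docroot, cwd),
        "session_like_files": sorted(n for n in listing if SESS_NAME.match(n)),
    }

# Constructed sample input; the sess_a698... name is the one quoted in the thread.
SAMPLE_INI = '; session.save_path = "/tmp"\nsession.save_path = "."\n'
DOCROOT = "/home/example/example.com"
LISTING = ["index.php", "sess_a69868ba6473eb3e530625f522d19d09", "sess_notes.txt"]

if __name__ == "__main__":
    print(audit(SAMPLE_INI, DOCROOT, DOCROOT, LISTING))
```

This only covers php.ini. A plugin that changes the path at runtime with `session_save_path()` would not show up here and has to be found by searching the plugin code.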
