Quarantine file keeps returning

Home Forums BulletProof Security Pro Quarantine file keeps returning

Viewing 15 posts - 1 through 15 (of 17 total)
1 2
  • Author
    Posts
  • March 5, 2013 at 1:56 pm #2535
    Patrick Quirke
    Member

    Hi, since installing BulletProof Pro a file keeps getting added to the root of my site called sess_a69868ba6473eb3e530625f522d19d09 i removed it and changed all the passwords but it keeps returning, is this a BulletProof File? It keeps getting added to the quarantine log every 20 mintutes. how do i find out where it is coming from, i’ve scanned all my files and i can’t see any hacking code.

    >>>>>>>>>>> Root File AutoRestore Logged – March 5, 2013 – 4:43 pm <<<<<<<<<<<
Quarantined File: sess_a69868ba6473eb3e530625f522d19d09
Quarantine Folder: /home/beesoninc/beesoninc.com/wp-content/bps-backup/quarantine/
AutoRestored File: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
Quarantined From/Restore Path: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
    March 5, 2013 at 2:08 pm #2536
    AITpro Admin
    Keymaster

    No, this file is not added/created by BPS Pro.  Sess_ is most likely short for Session so do you have any plugins installed that do anything with Session?  I Googled this and did not find an exact answer, but it could be related to a Cron firing every 20 minutes.  The next time another 1 of these files is sent to Quarantine use the View File Option to view the contents of the file.  Most likely it will be blank.

    http://serverfault.com/questions/354482/what-do-do-about-php-sess-files-not-being-cleaned-up-due-to-cron-error

    March 5, 2013 at 2:15 pm #2538
    AITpro Admin
    Keymaster

    It could be that there is something incorrectly configured in your Server’s php.ini file or a custom php.ini file.

    http://stackoverflow.com/questions/654310/cleanup-php-session-files

    March 5, 2013 at 2:36 pm #2541
    AITpro Admin
    Keymaster

    Your web host is DreamHost and I did not see any specific information about Session files being created.  I think this Stackoverflow post is also relevant to the issue/problem.  Are you seeing any php errors in your php error log?

    http://stackoverflow.com/questions/6821532/php-warning-permission-denied-13-on-session-start

    March 5, 2013 at 3:08 pm #2547
    AITpro Admin
    Keymaster

    If it turns out that the file is legit and safe then you can exclude it from being checked by AutoRestore by using the Exclude Folders & Files: tool and choose Exlude an Individual File.  Before you do this though you need to make sure this file is legit.  It sounds like something on your website is updating this session file with session information.  Then when that information is added/changed in that file the file is being autorestored.  This is something I have never heard of or seen before so do not exclude it until you find out exactly what it is.

    March 7, 2013 at 7:44 am #2605
    Patrick Quirke
    Member

    There are no errors in my php error log. I can’t add it to the Exclude an Individual File because the name changes went from sess_a69868ba6473eb3e530625f522d19d09 to sess_6870c3e837dbc7452534adbad196041f to sess_d238bfb25379ca115d05c747e0d633a1

     

     

    March 7, 2013 at 7:46 am #2606
    Patrick Quirke
    Member

    The file contains one letter V sometimes it is multiple VVVVVVVVV’s but thats it

    March 7, 2013 at 8:46 am #2617
    AITpro Admin
    Keymaster

    Before I can advise you on what to do to exclude/ignore this Session file I need to know if this file is “safe” or not.  Please send me a copy of one of the session files to info at ait-pro dot com.  Have you found out what is creating these session files?  Thanks.

    March 7, 2013 at 8:56 am #2619
    Patrick Quirke
    Member

    Since deleting WP Maintenance plugin i havent had a repeat session added yet. I’ll send you one if i get another one.

    March 7, 2013 at 8:57 am #2620
    Patrick Quirke
    Member

    The WP Maintenance plugin was deactivated BTW but i’ve removed it now and so far so good.

    March 7, 2013 at 9:02 am #2622
    AITpro Admin
    Keymaster

    Great!  Is the plugin the WP Maintenance Mode plugin?  I will install and test it to find out what it is doing exactly. Thanks

    March 7, 2013 at 9:04 am #2623
    Patrick Quirke
    Member

    Yes thats the one

    March 7, 2013 at 11:01 am #2638
    Patrick Quirke
    Member

    Plugins installed and active are:
    Akismet – Version 2.5.7
    BulletProof Security Pro – Version 5.6.1
    Contact Form 7 – Version 3.3.3
    Display widgets – Version 1.24
    Garee’s Twitter Stream – Version 1.0
    Really Simple CAPTCHA – Version 1.5
    Smart WYSIWYG Blocks Of Content – Version 0.6
    Widget Logic – Version 0.56
    WordPress SEO – Version 1.4.2
    WP-RSSImport – Version 4.4.12

    March 7, 2013 at 11:09 am #2643
    AITpro Admin
    Keymaster

    I am not familiar with a few of these plugins, but none of them seem capable or likely of creating that UNIX encrypted session file.  I thought of another possibility – Do you use SSH to connect to your website?   This file could have something to do with an SSH Session input stream.  Please contact your Web Host and see if they know what this file is and what is creating it.  Thanks.

    March 7, 2013 at 11:10 am #2645
    Patrick Quirke
    Member

    I use SFTP to upload files i dont use SSH though. I’ll ask Dreamhost.

  • Author
    Posts
Viewing 15 posts - 1 through 15 (of 17 total)
1 2
  • You must be logged in to reply to this topic.