Quarantine file keeps returning
- This topic has 16 replies, 2 voices, and was last updated 10 years, 6 months ago by
AITpro Admin.
Patrick Quirke
Member
Hi, since installing BulletProof Pro a file keeps getting added to the root of my site called sess_a69868ba6473eb3e530625f522d19d09. I removed it and changed all the passwords but it keeps returning. Is this a BulletProof file? It keeps getting added to the quarantine log every 20 minutes. How do I find out where it is coming from? I’ve scanned all my files and I can’t see any hacking code.
>>>>>>>>>>> Root File AutoRestore Logged – March 5, 2013 – 4:43 pm <<<<<<<<<<<
Quarantined File: sess_a69868ba6473eb3e530625f522d19d09
Quarantine Folder: /home/beesoninc/beesoninc.com/wp-content/bps-backup/quarantine/
AutoRestored File: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
Quarantined From/Restore Path: /home/beesoninc/beesoninc.com/sess_a69868ba6473eb3e530625f522d19d09
AITpro Admin
Keymaster
No, this file is not added/created by BPS Pro. Sess_ is most likely short for Session, so do you have any plugins installed that do anything with Session? I Googled this and did not find an exact answer, but it could be related to a Cron firing every 20 minutes. The next time another 1 of these files is sent to Quarantine, use the View File Option to view the contents of the file. Most likely it will be blank.
AITpro Admin
Keymaster
It could be that there is something incorrectly configured in your Server’s php.ini file or a custom php.ini file.
http://stackoverflow.com/questions/654310/cleanup-php-session-files
AITpro Admin
Keymaster
Your web host is DreamHost and I did not see any specific information about Session files being created. I think this Stackoverflow post is also relevant to the issue/problem. Are you seeing any php errors in your php error log?
http://stackoverflow.com/questions/6821532/php-warning-permission-denied-13-on-session-start
AITpro Admin
Keymaster
If it turns out that the file is legit and safe then you can exclude it from being checked by AutoRestore by using the Exclude Folders & Files: tool and choosing Exclude an Individual File. Before you do this though you need to make sure this file is legit. It sounds like something on your website is updating this session file with session information. Then when that information is added/changed in that file the file is being autorestored. This is something I have never heard of or seen before so do not exclude it until you find out exactly what it is.
Patrick Quirke
Member
There are no errors in my php error log. I can’t add it to the Exclude an Individual File because the name changes: it went from sess_a69868ba6473eb3e530625f522d19d09 to sess_6870c3e837dbc7452534adbad196041f to sess_d238bfb25379ca115d05c747e0d633a1.
Patrick Quirke
Member
The file contains one letter V; sometimes it is multiple VVVVVVVVV’s, but that’s it.
AITpro Admin
Keymaster
Before I can advise you on what to do to exclude/ignore this Session file I need to know if this file is “safe” or not. Please send me a copy of one of the session files to info at ait-pro dot com. Have you found out what is creating these session files? Thanks.
Patrick Quirke
Member
Since deleting the WP Maintenance plugin I haven’t had a repeat session added yet. I’ll send you one if I get another one.
Patrick Quirke
Member
The WP Maintenance plugin was deactivated BTW, but I’ve removed it now and so far so good.
AITpro Admin
Keymaster
Great! Is the plugin the WP Maintenance Mode plugin? I will install and test it to find out what it is doing exactly. Thanks
Patrick Quirke
Member
Yes, that’s the one.
Patrick Quirke
Member
Plugins installed and active are:
Akismet – Version 2.5.7
BulletProof Security Pro – Version 5.6.1
Contact Form 7 – Version 3.3.3
Display widgets – Version 1.24
Garee’s Twitter Stream – Version 1.0
Really Simple CAPTCHA – Version 1.5
Smart WYSIWYG Blocks Of Content – Version 0.6
Widget Logic – Version 0.56
WordPress SEO – Version 1.4.2
WP-RSSImport – Version 4.4.12
AITpro Admin
Keymaster
I am not familiar with a few of these plugins, but none of them seem capable or likely of creating that UNIX encrypted session file. I thought of another possibility – Do you use SSH to connect to your website? This file could have something to do with an SSH Session input stream. Please contact your Web Host and see if they know what this file is and what is creating it. Thanks.
Patrick Quirke
Member
I use SFTP to upload files; I don’t use SSH though. I’ll ask DreamHost.
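
Added example, not part of the original thread and not BPS Pro code: one way to approach the question asked above (where the sess_ files come from) and the php.ini suggestion is to list session-style files in the web root and search plugin code for calls that start a PHP session. The directory tree and plugin names in the demo are constructed; only the sample file name is taken from the thread.

```shell
#!/usr/bin/env bash
# Added example: locate stray PHP session files and the code that starts sessions.
# SID_RE covers the ID alphabets PHP can emit (hex, 0-9a-v, or 0-9A-Za-z,-).
SID_RE='^sess_[0-9A-Za-z,-]{22,}$'

# Print PHP-session-style files sitting directly in the given directory.
find_stray_sessions() {
  local dir=$1 f
  for f in "$dir"/sess_*; do
    [ -f "$f" ] || continue
    if printf '%s\n' "${f##*/}" | grep -Eq "$SID_RE"; then
      printf '%s\n' "$f"
    fi
  done
}

# Print PHP files under a directory that start a session or change where
# session files are saved; these are the candidates to review or disable.
find_session_callers() {
  grep -rlE --include='*.php' 'session_(start|save_path)[[:space:]]*\(' "$1" | sort
}

# Constructed demo tree (hypothetical plugin names, not taken from the thread).
demo_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/example-a" "$root/wp-content/plugins/example-b"
  printf 'V' > "$root/sess_a69868ba6473eb3e530625f522d19d09"
  printf 'not a session\n' > "$root/sess_notes.txt"
  printf '<?php\nsession_start();\n' > "$root/wp-content/plugins/example-a/main.php"
  printf '<?php\necho "hello";\n' > "$root/wp-content/plugins/example-b/main.php"
  printf '%s\n' "$root"
}

root=$(demo_tree)
echo "Stray session files in web root:"
find_stray_sessions "$root"
echo "Plugin files that call session_start()/session_save_path():"
find_session_callers "$root/wp-content/plugins"
# If the php CLI is available, show where it would store session files.
if command -v php >/dev/null 2>&1; then
  echo "session.save_path (CLI): $(php -r 'echo ini_get("session.save_path");')"
fi
rm -rf "$root"
```

On a real site, point the two functions at the document root and the wp-content/plugins directory. The web server's PHP may load a different php.ini than the CLI, so confirm session.save_path from the web side as well.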