WordPress readme.html file quarantined repeatedly
Jack Smith
Participant
I have been getting continuous messages in quarantine stating “/home/content/xxxxx/09/2120909/html/readme.html” has been quarantined. It is the same file, over and over, with the quarantine messages running about 9 seconds apart. I have run the delete on this, but it keeps coming back. This morning I had 61 emails, notifying me of this same file being quarantined 61 times. This appears to have just started on Feb. 19th.
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 06:10:27
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 06:20:36
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 06:40:54
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 06:51:04
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 07:01:13
readme.html /home/content/xxxxx/09/2120909/html/readme.html 2015-02-20 07:11:27
Jack Smith
Participant
UPDATE: [Quarantine Log entries deleted as they are not related to this issue]
Jack Smith
Participant
Security Log is showing the following:

[403 GET / HEAD Request: January 29, 2015 - 9:07 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 173.208.203.138
Host Name: 173.208.203.138
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: //info_sub.asp
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)

[403 GET / HEAD Request: January 29, 2015 - 9:07 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 173.208.203.138
Host Name: 173.208.203.138
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: //edu.asp
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)

[WP Automatic Update - ARQ was turned Off - February 19, 2015 - 9:42 am]
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/taxonomy.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/script-loader.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/class-wp-customize-setting.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/class-wp-customize-manager.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/media-audiovideo.min.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/media-grid.min.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/media-grid.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/media-audiovideo.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/tinymce/wp-tinymce.js.gz
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/tinymce/plugins/wpeditimage/plugin.min.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/js/tinymce/plugins/wpeditimage/plugin.js
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/link-template.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/version.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/general-template.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/update.php
[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am]
File: /home/content/xxxxx/09/2120909/html/wp-includes/date.php
[WP Automatic Update - index.php file locked - February 19, 2015 - 9:42 am]
[WP Automatic Update - wp-blog-header.php file locked - February 19, 2015 - 9:42 am]
[WP Automatic Update - PHP Error Log timestamp synchronized - February 19, 2015 - 9:42 am]
[WP Automatic Update - WP Update Time - February 19, 2015 - 9:42 am]
WP Version Synchronized
WP Update Time: February 19 2015 09:41
BPS DB Value Time +15: February 19 2015 09:56
[WP Automatic Update - ARQ was turned back On - February 19, 2015 - 9:42 am]
AITpro Admin
Keymaster
Do these steps to correct the readme.html file repeatedly being quarantined issue/problem:
1. Go to AutoRestore and Turn Off the ARQ Cron.
2. Click the Delete Files buttons for: Root Files, wp-admin Files, wp-includes Files and wp-content Files.
3. Click the Backup Files buttons for: Root Files, wp-admin Files, wp-includes Files and wp-content Files.
4. Turn the ARQ Cron back On.
5. If there are any leftover readme.html files in Quarantine you can either restore them or delete them from Quarantine.
The Security Log shows a couple of random hacker probes that were blocked and the WordPress Automatic Update for the WordPress 4.1.1 Automatic update.
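
The Security Log pasted earlier in the thread mixes two kinds of entries: blocked 403 requests and WP Automatic Update / ARQ events. As an added example (not part of the thread and not BPS code), this Python sketch splits such run-together log text on its bracketed headers and separates the two kinds; the sample log, its IP address and its paths are constructed, and the field names are the ones visible in the pasted log.

```python
import re
from collections import defaultdict

# Constructed sample, run together on one line the way a pasted log often arrives.
SAMPLE = (
    "[403 GET / HEAD Request: January 29, 2015 - 9:07 am] Event Code: BFHS - "
    "Blocked/Forbidden Hacker or Spammer REMOTE_ADDR: 203.0.113.7 Host Name: "
    "203.0.113.7 HTTP_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: REQUEST_URI: "
    "//probe_a.asp QUERY_STRING: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0) "
    "[403 GET / HEAD Request: January 29, 2015 - 9:07 am] Event Code: BFHS - "
    "Blocked/Forbidden Hacker or Spammer REMOTE_ADDR: 203.0.113.7 REQUEST_METHOD: "
    "GET REQUEST_URI: //probe_b.asp QUERY_STRING: HTTP_USER_AGENT: Mozilla/4.0 "
    "[WP Automatic Update - ARQ was turned Off - February 19, 2015 - 9:42 am] "
    "[WP Automatic Update - ARQ wp-includes File Backup - February 19, 2015 - 9:42 am] "
    "File: /var/www/example/wp-includes/version.php "
    "[WP Automatic Update - ARQ was turned back On - February 19, 2015 - 9:42 am]"
)

# Field labels seen in the pasted log; values may be empty (e.g. HTTP_REFERER).
KEYS = ["Event Code", "Solution", "REMOTE_ADDR", "Host Name", "SERVER_PROTOCOL",
        "HTTP_CLIENT_IP", "HTTP_FORWARDED", "HTTP_X_FORWARDED_FOR",
        "HTTP_X_CLUSTER_CLIENT_IP", "REQUEST_METHOD", "HTTP_REFERER",
        "REQUEST_URI", "QUERY_STRING", "HTTP_USER_AGENT", "File"]
KEY_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, KEYS)) + r"):")
HEADER_RE = re.compile(r"\[([^\[\]]+)\]")

def parse_entries(text):
    """Yield (header, fields) per entry; entries are delimited by [bracketed] headers."""
    heads = list(HEADER_RE.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        parts = KEY_RE.split(text[h.end():end])
        fields = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
        yield h.group(1).strip(), fields

def summarize(text):
    """Separate blocked 403 requests (grouped by source IP) from update events."""
    probes, updates = defaultdict(list), []
    for header, fields in parse_entries(text):
        if header.startswith("403"):
            probes[fields.get("REMOTE_ADDR", "?")].append(fields.get("REQUEST_URI", ""))
        elif header.startswith("WP Automatic Update"):
            updates.append((header, fields.get("File")))
    return dict(probes), updates
```
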
Jack Smith
Participant
HOORAY!! That fixed the problem. I have had no other quarantine messages, or chatter from that file.
Thanks a bunch!
AITpro Admin
Keymaster
Great! Thanks for confirming that. We know what the root cause of this problem is and are looking at the best way to permanently fix this. It is a problem that rarely occurs, but it should never occur.