_index_ssl.html_gzip and _index_ssl.html files quarantined
- This topic has 3 replies, 2 voices, and was last updated 3 years ago by protection.
protection (Participant)
Hello –
Ever since updating to BPS Pro 15.9, there are two files that are being quarantined. This has happened multiple times. I can’t say with absolute certainty this is due to the update, but the timing is suspicious. The two files are:
- _index_ssl.html_gzip.xxxxxxx
- _index_ssl.html.xxxxxxx
The ‘xxxxxxx’ string is a numerical value. These files are trying to be written to /wp-content/etc/passwd/.
Could these files be from BPS?
Thanks,
Pete
AITpro Admin (Keymaster)
A Google search shows search results for the W3 Total Cache plugin > https://wordpress.org/support/topic/_index_ssl-html_gzip-marked-as-virus/. Based on the information in the link, what is happening is your web host malware scanner is detecting the _index_ssl.html_gzip and _index_ssl.html files as malicious and is adding the xxxxx numerical value to the filename. AutoRestore|Quarantine is then quarantining these 2 files. Use the View File option in Quarantine to open these 2 files, copy the contents of the 2 files, paste the contents of the 2 files in an email and send the email to: info at ait-pro dot com, so I can take a look at the contents of these 2 files.
Those 2 files are used/created when you choose the W3TC Page Caching using disk: enhanced option.
protection (Participant)
Thanks for your quick response. I already reached out to W3TC support about these files because I saw the Google results about them too, but W3TC said they did not write those files. I think you brought up a good point about my hosting company appending the numerical values to the filename, because the response from W3TC support was “Also, W3 Total Cache does not add any numerical extension to .HTML files.”
As for the content within those files, there was nothing, because I tried viewing them too. It was just opening and closing HTML tags. Thanks for your willingness to look into this. I think we can close this, as it does seem more like a W3TC issue.
protection (Participant)
I just noticed your update…it’s also possible because I was deactivating/reactivating W3TC for troubleshooting yesterday, those files were triggered. I do have enhanced page caching on. Thanks again!