_index_ssl.html_gzip and _index_ssl.html files quarantined

Home Forums BulletProof Security Pro _index_ssl.html_gzip and _index_ssl.html files quarantined

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • October 7, 2021 at 7:28 am #40759
    protection
    Participant

    Hello –

    Ever since updating to BPS Pro 15.9, there are two files that are being quarantined. This has happened multiple times. I can’t say with absolute certainty this is due to the update, but the timing is suspicious. The two files are:

    • _index_ssl.html_gzip.xxxxxxx
    • _index_ssl.html.xxxxxxx

    The ‘xxxxxxx’ string is a numerical value.  These files are trying to be written to /wp-content/etc/passwd/.

    Could these files be from BPS?

    Thanks,

    Pete

    October 7, 2021 at 8:05 am #40760
    AITpro Admin
    Keymaster

    A google search shows search results for the W3 Total Cache plugin > https://wordpress.org/support/topic/_index_ssl-html_gzip-marked-as-virus/. Based on the information in the link what is happening is your web host malware scanner is detecting the _index_ssl.html_gzip and _index_ssl.html files as malicious and is adding the xxxxx numerical value to the filename. AutoRestore|Quarantine is then quarantining these 2 files. Use the View File option in Quarantine to open these 2 files, copy the contents of the 2 files, paste the contents of the 2 files in an email and send the email to: info at ait-pro dot com. So I can take a look at the contents of these 2 files.

    Those 2 files are used/created when you choose the W3TC Page Caching using disk: enhanced option.

    October 7, 2021 at 8:13 am #40763
    protection
    Participant

    Thanks for your quick response. I already reached out to W3TC support about these files because I saw the Google results about them too, but W3TC said they did not write those files. I think you brought up a good point about my hosting company appending the numerical values to the filename, because the response from W3TC support was “Also, W3 Total Cache does not add any numerical extension to .HTML files.”

    As for the content within those files, there was nothing, because I tried viewing them too. It was just opening and closing HTML tags. Thanks for your willingness to look into this. I think we can close this, as it does seem more like a W3TC issue.

    October 7, 2021 at 8:15 am #40764
    protection
    Participant

    I just noticed your update…it’s also possible because I was deactivating/reactivating W3TC for troubleshooting yesterday, those files were triggered. I do have enhanced page caching on. Thanks again!

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.