This file may contain malicious executable code – Wordfence warning

  • #1033
    AITpro Admin
    Keymaster

    Email Question:

    I ran a security check after the installation and the system gave this message. Why did I get this file? I am planning to remove it.

    Filename: wp-content/plugins/bulletproof-security/admin/tools/tools.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 9 secs ago.
    Severity: Critical
    Status: New

    This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans. 

    Tools: View the file. Delete this file (can’t be undone).
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

    #1034
    AITpro Admin
    Keymaster

    UPDATE:
    As of BPS Pro 9.6 the Pro-Tools Base64 Decoder / Encoder tools were moved to their own individual pages and can be deleted individually from Pro-Tools. See this Forum link for full details:  http://forum.ait-pro.com/forums/topic/scanner-detects-malicious-code-or-infected-files-in-bps-pro-pro-tools/

    Scanners do not have the capability to actually tell the difference between good code and bad/malicious code with 100% accuracy.  Scanners look for coding patterns or php code functions that are used in hacking scripts.  Scanners can help to generally find possible code that could or might be bad, but a scanner just does not and can never be configured to have the capability to actually really tell you 100% if code is good or bad.  😉

    BulletProof Security Pro has a Base64 Decoding Tool in the Pro-Tools component of BPS Pro.  That Base64 decoding tool has standard legitimate php functions that are used to decode Base64 code/hackers code.  The Wordfence scanner is seeing those legitimate php functions in the tools.php file, but cannot really tell whether or not this is actually good or bad/malicious code and can only generally see that the code might be possibly bad/malicious.

    To solve this issue just tell Wordfence to always ignore this file.
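
The same-line pattern check that the Wordfence message describes, as an added example that is not part of the original posts and is not Wordfence's or BPS Pro's code: a simplified heuristic run over constructed PHP lines, with an optional pass that ignores string literals and comments. The regexes, function names and sample lines are assumptions for illustration.

```python
import re

# Simplified same-line heuristic (an assumption, not Wordfence's real rule):
# a call-like "eval(" and a "base64_decode(" anywhere on the same line.
EVAL_RE = re.compile(r"\beval\s*\(", re.IGNORECASE)
B64_RE = re.compile(r"\bbase64_decode\s*\(", re.IGNORECASE)

# Rough single-line matcher for PHP string literals and comments.
STRING_OR_COMMENT = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|//.*|\#.*|/\*.*?\*/""")

def _blank(match):
    # Keep an empty literal where a string was; drop comments entirely.
    return "''" if match.group(0)[0] in "'\"" else ""

def scan_php(source, code_only=False):
    """Return (line_number, text) for lines where both patterns match.

    With code_only=True, string literals and comments are removed before
    matching, so only function names that appear as code are counted.
    """
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        probe = STRING_OR_COMMENT.sub(_blank, line) if code_only else line
        if EVAL_RE.search(probe) and B64_RE.search(probe):
            hits.append((number, line.strip()))
    return hits

# Constructed sample, NOT the contents of the BPS Pro tools.php file.
# Lines 2-3 imitate a decoder tool; line 5 executes decoded data.
SAMPLE = r"""<?php
// Decoder tool: strips an eval(base64_decode( wrapper so the admin can read it
$clean = str_replace('eval(base64_decode(', '', $_POST['encoded']); echo htmlspecialchars(base64_decode($clean));
$title = 'Base64 Decoder';
eval(base64_decode($blob));
"""

if __name__ == "__main__":
    for label, strict in (("same-line pattern", False), ("code only", True)):
        print(label)
        for number, text in scan_php(SAMPLE, code_only=strict):
            print(f"  line {number}: {text[:60]}")
```

The second pass removes the decoder-tool false positives in this sample, but it is still pattern matching and cannot judge what the flagged code is for.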
