VaultPress Security – Suspicious Code

Home Forums BulletProof Security Pro VaultPress Security – Suspicious Code

Tagged: , ,

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • February 15, 2014 at 6:38 am #13186
    AITpro Admin
    Keymaster

    Email Question:

    Hi there

    I have installed BPS Pro at [domain name removed for privacy] which also has Vaultpress with security setting and it just emailed 4 warnings with BPS Pro. Is this safe to ignore?

    They include:

    Generic.Eval.1
    This code pattern is often used to execute unauthorized programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    PHP.Generic.BadPattern.1
    This code pattern is often used to execute unauthorized programs on your server. The code in these files needs to be reviewed, and possibly cleaned.

    PHP.Shell.Embedded.2
    VaultPress has detected a web-based “shell” a very dangerous backdoor which may allow unauthorized access to your server. A shell may be used to infect your server with a virus, or add malware to your site

    PHP.Suspicious.FC.1

    Thank you!

    VaultPress Suspicious Code

    February 15, 2014 at 6:45 am #13191
    AITpro Admin
    Keymaster

    The BulletProof Security Pro tools.php file is safe. The tools.php file is the BPS Pro Pro-Tools file/page. One of the Pro-Tools is a Base64 Decoding tool so VaultPress is seeing standard/legitimate php functions that relate to base64 decoding/encoding and it is triggering a false alert/false flag alert. Click the Ignore Threat buttons to whitelist/ignore the BPS Pro tools.php file.

    Scanners can only generally check for code/php functions/patterns/etc. and cannot actually tell the difference between good code or malicious code, but scanners typically have a way to whitelist things so that they do not trigger additional alerts in the future.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.