wp-config file quarantined – question

Home Forums BulletProof Security Pro wp-config file quarantined – question

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #42563
    beatty2020
    Participant

    Hi,

    One of my clients had 3 files quarantined. I deleted two of the files (one was a phperrorlog and the other was a wp-admin/htaccess file), but the third one is the wp-config.php file. This has me concerned.

    The date that BPS Pro quarantined wp-config does not line up with when I last logged in. I did a check on isithacked.com for kicks and saw this response for “Cloaking”:

    There is a difference of 253843 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page

    And this:
    <h3>Status codes</h3>

    These should normally all be the same.

    – Google Chrome returned code 0

    – GoogleBot returned code 200

    What steps should I take to find out whether or not the wp-config file has actually been compromised? I’m looking at the file and nothing out of the ordinary stands out to me.

    Thank you.

    #42567
    AITpro Admin
    Keymaster

    You can do a side by side comparison of your live wp-config.php file and the quarantined wp-config.php file.  Open the quarantined wp-config.php file and copy the code into Notepad++.  Use your web host control panel file manager and copy the code out of your live wp-config.php file and copy it into a new tab in Notepad++ then compare the code in the 2 files.  I have seen cases where other plugins do a file get contents on the wp-config.php file, which triggers AutoRestore|Quarantine to quarantine the wp-config.php file. To the naked eye there will be no visible difference in the file, but if the file size is different by even 1 byte then ARQ will quarantine it.

    #42570
    beatty2020
    Participant

    OK side by side comparison showed the quarantined wp-config file had this:

    define('WP_DEBUG_LOG', false);

    The non-quarantined file has the debug log set to ‘true’.

    Is this a feature of BPS Pro that I just didn’t realize (until now)? I normally only set it to ‘true’ when I’m troubleshooting.

    #42573
    AITpro Admin
    Keymaster

    AutoRestore|Quarantine checks your files for any changes against backup copies.  If the file changes the backup copy is autorestored and the changed file is quarantined.

    #42580
    beatty2020
    Participant

    Great, thanks!

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.