• Resolved Garrett Hyder

    (@garrett-eclipse)


    Hello,

    I just wanted to be sure this was a false positive; from looking at the file, it doesn’t look malicious or different from the file on wp.org.


    This file may contain malicious executable code: /home/dev/public_html/getlostfindyourself/wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    Filename: wp-content/plugins/updraftplus/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    File Type: Not a core, theme or plugin file.
    Issue First Detected: 5 hours 51 mins ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    Much appreciated


Viewing 7 replies - 1 through 7 (of 7 total)
  • I’m also seeing this on several of our sites…

    Hi Garrett,
    It’s the same as the “Yellow Pencil” case here, you still have “HIGH SENSITIVITY” scan enabled.

    Thanks.

    Thread Starter Garrett Hyder

    (@garrett-eclipse)

    Thanks @wfalaa, appreciate the confirmation. Just checking my suspicion. Cheers

    Just wanted to verify – is this the same issue with WP SMTP plugin? The message is:

    This file may contain malicious executable code: /plugins/wp-mail-smtp/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    File Type: Not a core, theme or plugin file.

    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    thank you

    Thread Starter Garrett Hyder

    (@garrett-eclipse)

    Hi @backpackingseries,

    It appears to be using the same phpsec library, but the way I found you can be certain is to download the source from ww.wp.xz.cn and compare your copy with the hosted copy. If they match, then it’s a false positive.

    Cheers
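
The comparison suggested in the reply above, as an added example (not part of the original thread, and not code from Wordfence or either plugin): it hashes every file in the installed plugin directory against a clean copy of the same plugin version that you have already downloaded and extracted. Both directory paths are assumptions supplied on the command line.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(installed: Path, reference: Path) -> dict:
    """Compare an installed plugin directory with a clean reference copy."""
    inst, ref = tree_hashes(installed), tree_hashes(reference)
    return {
        # Same path, different bytes: the file is not the one that was shipped.
        "modified": sorted(f for f in inst.keys() & ref.keys() if inst[f] != ref[f]),
        # Present on the server only: not part of the release.
        "extra": sorted(inst.keys() - ref.keys()),
        # Shipped in the release but absent on the server.
        "missing": sorted(ref.keys() - inst.keys()),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py <installed_plugin_dir> <reference_plugin_dir>")
    report = compare_trees(Path(sys.argv[1]), Path(sys.argv[2]))
    for kind, files in report.items():
        for name in files:
            print(f"{kind}: {name}")
    # Non-zero exit when anything on the server differs from the release.
    sys.exit(1 if report["modified"] or report["extra"] else 0)
```

A flagged file such as `Crypt/Base.php` that is not listed under `modified` is byte-identical to the reference copy. Entries under `extra` are worth reviewing as well, since they are not part of the release.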

    Hi @garrett-eclipse,

    Thank you for that helpful suggestion.

    I just got a response from the WP SMTP plugin author that it’s a safe file and that they’ve opened an issue on GitHub to track this issue to possibly get rid of the eval function.

    Thanks again for the tip.

    Kind regards

    Thread Starter Garrett Hyder

    (@garrett-eclipse)

    No worries, thanks for following up with the WPSMTP plugin author’s response. All the best


The topic ‘Confirming False Positive w/ Updraft’ is closed to new replies.