• Resolved whenwewerentlooking

    (@whenwewerentlooking)


    Hi,

    I recently installed All-In-One WP Security & Firewall Plugin and am using the free version, as my blog is not monetized. I did my best to navigate through all of the setup, and I turned ON the File Change Detection SCAN feature, set it for a weekly scan and e-mail notification.

    However, I now weekly receive an email stating “A file change was detected on your site…” and the Plugin Dashboard for Scanning says “All In One WP Security & Firewall has detected that there was a change in your host’s files.” The list of changed files is thousands of files long.

    I have NO IDEA how to interpret this. I have not made any changes or additions to my WP site in the month of April, yet I have received these file change notices throughout April. Are these hackers? Or are these files just being changed by updates? I have no idea. I am not particularly savvy at adding exclusions either.

    Thank you in advance for your help!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @whenwewerentlooking

    If you are getting thousands of files, are they inside a particular folder like /wp-content/cache/ or /wp-content/uploads/?

    If you can share with us a sample list of the file changes detected using http://pastebin.com/, I can review it and let you know if it is a hacked site.

    You can exclude particular folders if it is regarding cache or log files, etc.

    Regards

    Thread Starter whenwewerentlooking

    (@whenwewerentlooking)

    Hello! So, I am not familiar with PasteBin. But I have created an account and added the first e-mail I received from AIO WP Security as a paste. How do I share it with you? Is it just the URL? If so, that is https://pastebin.com/dD3cZvBd .

    There are 3000 plus lines. I do not have any experience with coding for my WP site. However, I am good at following specific directions, to make things work, like “copy/paste a specific file path.”

    Am I getting a bunch of false positives? What would that be from, like plugin updates? What would be really helpful is a basic tutorial, like what malware looks like or doesn’t look like, what to look for, what is safe. I really appreciate your insight and help!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @whenwewerentlooking

    I can see the list from the URL you shared. You can delete it now.

    Those 3000 lines seem to be from the plugin updates below. You can add the list below as Files/Directories to ignore inside WP Security > Scanner > File change detection. Also, in future, if you know that a particular plugin was updated, you can ignore it.

    wp-content/plugins/jetpack
    wp-content/plugins/blog-designer
    wp-content/plugins/sassy-social-share
    wp-content/plugins/post-grid-and-filter-ultimate

    But generally malware is in PHP files with code having exec, eval, base64, etc. functions. Mainly it will start redirecting your site to other sites or start sending emails.
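
Added example, not part of the original thread and not the plugin's code: a small Python script that groups a changed-file list by plugin folder and shows what is left once the ignore list from the reply above is applied. It assumes one path per line, relative to the WordPress root; the sample paths are constructed, and the prefix matching is this script's own, not necessarily how the plugin matches its ignore entries.

```python
from collections import Counter
from pathlib import PurePosixPath

# Ignore list taken from the support reply above.
IGNORE_DIRS = [
    "wp-content/plugins/jetpack",
    "wp-content/plugins/blog-designer",
    "wp-content/plugins/sassy-social-share",
    "wp-content/plugins/post-grid-and-filter-ultimate",
]

# Constructed sample (assumption: one path per line, relative to the WP root).
SAMPLE = """\
wp-content/plugins/jetpack/class.jetpack.php
wp-content/plugins/jetpack/modules/sharedaddy.php
wp-content/plugins/blog-designer/blog-designer.php
wp-content/plugins/sassy-social-share/public/css/style.css
wp-content/plugins/post-grid-and-filter-ultimate/readme.txt
wp-content/plugins/jetpack-example/loader.php
wp-content/uploads/example/photo.jpg
wp-config.php
"""

def bucket(path):
    """Grouping key: the plugin/theme folder, else the first two path parts."""
    parts = PurePosixPath(path.strip().lstrip("/")).parts
    if len(parts) >= 3 and parts[0] == "wp-content" and parts[1] in ("plugins", "themes"):
        return "/".join(parts[:3])
    return "/".join(parts[:2]) if len(parts) > 1 else "(site root)"

def is_ignored(path, ignore_dirs=IGNORE_DIRS):
    """True if path is an ignored folder or lies inside one.
    Matching on 'dir/' keeps jetpack-example from being hidden by jetpack."""
    p = path.strip().lstrip("/")
    return any(p == d or p.startswith(d.rstrip("/") + "/") for d in ignore_dirs)

def triage(changed_paths, ignore_dirs=IGNORE_DIRS):
    """Return (change counts per folder, paths still needing a manual look)."""
    paths = [p.strip() for p in changed_paths if p.strip()]
    counts = Counter(bucket(p) for p in paths)
    remaining = [p for p in paths if not is_ignored(p, ignore_dirs)]
    return counts, remaining

if __name__ == "__main__":
    counts, remaining = triage(SAMPLE.splitlines())
    for folder, n in counts.most_common():
        print(f"{n:5d}  {folder}")
    print("\nNot covered by the ignore list:")
    print("\n".join(remaining))
```

A few folders accounting for almost all of the changes is the pattern the reply describes for plugin updates; whatever remains after the ignore list is the short list worth reading by hand.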

    Thread Starter whenwewerentlooking

    (@whenwewerentlooking)

    Great, thanks! You said, “But generally malware is in PHP files with code having exec, eval, base64, etc. functions.” Can you elaborate? What is a PHP file, and could I recognize the “code” in some way? What would be the folder it would show up in? Thanks!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @whenwewerentlooking

    WordPress is written using PHP as the scripting language. You may cross-check more regarding the PHP language.

    Malware code will look like the image mentioned below.

    https://snipboard.io/TGNKOu.jpg


The topic ‘File Change Detection Scan: Need Basic Help!’ is closed to new replies.