hashes-4.6.1.php missing

linger0273
(@linger0273)

9 years, 8 months ago

I scaned my site today, and the report said “hashes-4.6.1.php missing”.
How can I fix this problem?

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter linger0273
(@linger0273)

9 years, 8 months ago

hashes-4.6.1.php missing

the details is: The file containing hashes of all WordPress core files appears to be missing; modified core files will no longer be detected and a lot more suspicious strings will be detected
22-7ths
(@22-7ths)

9 years, 7 months ago
Ended up investigating and fixing this issue myself. Turns out the plugin has a core file scanner/utility/hash builder in source. This php file downloads ‘lastest.zip’ unzips it, and builds the needed hash file for core files.
====
First, make sure you the ZIP PHP module installed.
Under Ubuntu 16.04 for example using apt pkg:

sudo apt install php7.x-zip

(x = or 7.0 or 7.1 or another version.. depending on what you have installed – use ‘php -v’ to find cli version normally)

then:

sudo cp (wp-site)/wp-content/plugins/exploit-scanner/hashes-generator.php /tmp
php -f /tmp/hashes-generator.php > /tmp/hashes-x.x.x.php
sudo mv /tmp/hashes-x.x.x.php (wp-site)/wp-content/plugins/exploit-scanner

Replace x.x.x with WP lastest.zip version number. (as of this post – 4.6.1). (Root should be okay owning this new hash file – as web server is allowed to read it anyway.)

Go into wp-admin, run scan.
Done!
- This reply was modified 9 years, 7 months ago by 22-7ths.
- This reply was modified 9 years, 7 months ago by 22-7ths.
22-7ths
(@22-7ths)

9 years, 7 months ago

Oh and remove sudo rm /tmp/hashes-generator.php (if you like). Though, you may just want to leave it there.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘hashes-4.6.1.php missing’ is closed to new replies.