WordPress.org

Ready to get started?Download WordPress

Forums

After 3.6 Update Kaspersky Phishing Block (3 posts)

  1. tinozee
    Member
    Posted 8 months ago #

    I was able to recreate this on separate servers using backups. The error/block msg appears just after update to 3.6. I assume it is a false positive, as I scanned locally all files and DB, and I run wordfence. All scans come back clean. I also religiously update and use trusted plugins, manually manage security best practices, etc.

    I submittied this to Kaspersky and they agree false pos., but give no details. Another note - it only happens with the default "light" heuristic analysis settings for phishing in KIS 2013. Switch to medium or deep analysis and it throws no error - odd (which makes me think it's a KIS bug).

    I post this here to help anyone who has seen the same. Please reply if you run KIS and see this and let me know what you think. I will report back if I get word from anywhere else.

    Take care.

  2. tinozee
    Member
    Posted 8 months ago #

    Update - I think this may have to do with using WP 3.6 with the apache acct URL type -
    xx.xx.xx.xx/~username

    But that is unfortunate if that is being flagged by apache. Once you hit the admin dir, it throws a phishing error.

  3. tinozee
    Member
    Posted 8 months ago #

    I think it has to do with the tilde identifying as a phishing url, but not sure what changed in 3.6 re: this, because it never threw an error pre 3.6.

Reply

You must log in to post.

About this Topic