WordPress.org

Sucuri Security - SiteCheck Malware Scanner
[resolved] Integrity check 3.5.1 to 3.6.1 (4 posts)

  1. eva2000
    Member
    Posted 7 months ago #

    On a local test install I upgraded WP from 3.5.1 to 3.6.1, then installed the Sucuri WordPress scanner plugin, and the integrity check run returns output for the following files. What does this mean? That these files were modified compared to whose WordPress hashing database? Sucuri's?

    Compared to 3.5.1 or 3.6.1?

    Core File Added:1
    ./wp-includes/.htaccess

    Core File Removed: 4
    ./wp-admin/js/categories.js
    ./wp-admin/js/categories.min.js
    ./wp-admin/js/custom-fields.js
    ./wp-admin/js/custom-fields.min.js

    Core File Modified: 16
    ./wp-includes/post-template.php
    ./wp-includes/comment-template.php
    ./wp-includes/pluggable.php
    ./wp-includes/class-http.php
    ./wp-includes/theme.php
    ./wp-includes/link-template.php
    ./wp-includes/ms-functions.php
    ./wp-includes/functions.php
    ./wp-admin/network/upgrade.php
    ./wp-admin/js/common.min.js
    ./wp-admin/js/common.js
    ./wp-admin/nav-menus.php
    ./wp-admin/includes/template.php
    ./wp-admin/includes/update-core.php
    ./wp-admin/includes/post.php
    ./wp-admin/about.php

    http://wordpress.org/plugins/sucuri-scanner/

  2. bobeaston
    Member
    Posted 7 months ago #

    I saw exactly the same results immediately after a clean install using Dreamhost's one-click installer.

    I posted exactly the same question to Sucuri's support email address and received an answer asking if I was a customer and to login and submit again.

    ----MY Conclusions----
    1. The question is about a free function, the WordPress Integrity scan in the WordPress plug-in.

    2. If the free version of a product is presenting false results (I suspect these are "false positives"), then what confidence should I have that the fee version of the product is any better?

    3. Some of us are very reluctant to invest in products that won't answer simple support questions about free services? That behavior suggests how the fee paying customers might also be subject to overly zealous gate keepers.

    Meanwhile Sucuri corporate is having a party about acquiring another firm and expanding their offerings.

  3. bobeaston
    Member
    Posted 7 months ago #

    Another variation.
    I reported seeing these "false positives" after a Dreamhost "one-click" install. Exactly the same as the original post: 4 core files removed and 16 core files modified.

    Not being absolutely sure what the Dreamhost installer robot does, I installed a new blog COMPLETELY from scratch, new DB, new WP 3.6.1 files downloaded directly from WP, etc.

    Akismet and Hello Dolly are "built in," but not activated, plugins. Immediately after logging in the first time, I installed the Sucuri plug-in (level 1.4.7) and ran the WP Integrity Check.

    Once again, EXACTLY the same 4 and 16 files identified. It looks like Sucuri hasn't updated their hash references for 3.6.1.

    This is NOT a confidence builder. Nor are their support practices.

    Apparently, I'm not alone in worrying about scanners that find a bunch of false positives. (Why should we spend good money and time on false alarms?)

    I found this: "...with a scanner this poor it is unlikely that it will actually do a good job of detecting when website are infected. "

    Read the whole thing at: http://www.whitefirdesign.com/blog/2012/06/25/false-positives-highlight-deeply-flawed-website-malware-scanners/

  4. Daniel Cid
    Member
    Plugin Author

    Posted 6 months ago #

    It has been fixed. Our integrity database was still set for 3.6, so the changes on 3.6.1 were showing as modified.

    Thanks!
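
The cause given in the last post, a reference database set for one release being compared against an install of the next, can be reproduced with a small hash-manifest check. This is an added example, not the Sucuri plugin's code; the release labels A and B, the file contents, and all function names are constructed for illustration.

```python
import hashlib, os, tempfile

def hash_tree(root):
    """Map each file under root (as ./relative/path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = "./" + os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def integrity_check(installed, reference):
    """Diff installed digests against a reference manifest."""
    both = installed.keys() & reference.keys()
    return {
        "added": sorted(installed.keys() - reference.keys()),
        "removed": sorted(reference.keys() - installed.keys()),
        "modified": sorted(p for p in both if installed[p] != reference[p]),
    }

def check_install(root, version, manifests):
    """Check against the manifest for exactly this version; never fall back to another."""
    if version not in manifests:
        raise LookupError(f"no reference manifest for version {version}")
    return integrity_check(hash_tree(root), manifests[version])

def write_tree(root, files):
    """Write a {relative path: bytes} mapping to disk under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

# Constructed stand-ins for two releases; contents are not real WordPress code.
RELEASE_A = {"wp-admin/js/categories.js": b"legacy ui",
             "wp-includes/functions.php": b"<?php /* release A */",
             "wp-includes/cache.php": b"<?php /* unchanged */"}
RELEASE_B = {"wp-includes/functions.php": b"<?php /* release B */",
             "wp-includes/cache.php": b"<?php /* unchanged */"}

def demo():
    """Return (stale, fresh): one clean release-B site checked against A's and B's manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        manifests = {}
        for version, files in (("A", RELEASE_A), ("B", RELEASE_B)):
            write_tree(os.path.join(tmp, version), files)
            manifests[version] = hash_tree(os.path.join(tmp, version))
        site = os.path.join(tmp, "site")
        write_tree(site, RELEASE_B)  # untouched release-B install
        return check_install(site, "A", manifests), check_install(site, "B", manifests)
```

Against the stale manifest the untouched site reports one removed and one modified file; against the matching manifest it reports nothing, which is why a checker should refuse to run when it has no manifest for the installed version rather than use the nearest one.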
