WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Malicious Attempt to Access Your Hosting Account "xxx" is Detected (9 posts)

  1. cloudduster
    Member
    Posted 6 months ago #

    I received a lengthy email from my host and at the bottom of it, this text

    '[PHP Exploit [P0167]]': /home/xxx/public_html/addonsites/xxx/wp-content/plugins/wordfence/readme.txt

    I'm more inclined to believe that this is a false positive, right?

    http://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 6 months ago #

    Hi,

    Thanks for the report. Yes it's almost certainly a false positive. I Googled around and didn't find any info on P0167 other than a few random results that made no sense. Can you ask your host what exactly they're pickup up on in our readme.txt and I'll get that fixed so it doesn't show up as a false positive.

    My guess is it's one of the malicious script names we mention in the readme.txt which we list as the scripts we scan for that it may be detecting - perhaps a mere mention of the name triggers their scanning software.

    Regards,

    Mark.

  3. cloudduster
    Member
    Posted 6 months ago #

    My hosting company confirmed that this is a false-positive but unable to whitelist any references to 'wordfence/readme.txt' because it could be used by some malware to inject codes to similar files in order to get whitelisted.

  4. cloudduster
    Member
    Posted 6 months ago #

    Update:

    Read Me file was marked as suspicious by security system called 'ConfigServer eXploit Scanner'.
    Wordfence author can contact them at http://configserver.com/contact.html , since this exploit scanner is rather popular at hosting companies.

  5. leehodson
    Member
    Posted 6 months ago #

    This is a recurring issue for me too. Keep getting malicious exploit notices re readme.txt from my host's virus scanner. This began about 2 weeks ago. I'm using Namecheap as my host.

  6. morcom
    Member
    Posted 2 months ago #

    This also just started for me this week on 4 of my sites and I'm also using Namecheap.

  7. davidyurchuk
    Member
    Posted 1 week ago #

    I received a notice, as well. I also use NameCheap. I'm assuming that since it is only a read-me file, it doesn't affect functionality of the plug-in. However, I don't want any negative impressions with my hosting provider that my sites are vulnerable to attacks.

    Any updates on this issue? Thanks!

  8. davidyurchuk
    Member
    Posted 1 week ago #

    http://www.wordfence.com/blog/2013/09/wordfence-flag-theme-plugin-malicious-url/

    This seems to address the issue. I currently have the file quarantined. I think I'll just leave it there. :)

  9. leehodson
    Member
    Posted 1 week ago #

    This still happens to me every time I update Wordfence in every site I have installed on the server.

    I love that Namecheap takes security serious (unlike some hosts) but the Wordfence Readme file being quarantined every time it is uploaded does bug me.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.