• Hi,

    I’m jointly using Wordfence with Bulletproof Security Pro within a WPMU installation and use Avada as a main theme. BPS Pro creates backup files of Avada, whereas Wordfence finds a false-positive issue in one of the Avada backup files. Now the issue is that I cannot exclude it from future scans by clicking the “Always ignore this file” button. If I click the button, the issue disappears, but after the next scan it’s back again. This is the message I get from Wordfence:

    
    File appears to be malicious: wp-content/bps-backup/autorestore/wp-content/themes/Avada/includes/avadaredux/extensions/vendorsupport/vendor_support/vendor/ace_editor/mode-php.js
    
    Filename:	wp-content/bps-backup/autorestore/wp-content/themes/Avada/includes/avadaredux/extensions/vendorsupport/vendor_support/vendor/ace_editor/mode-php.js
    File type:	Not a core, theme or plugin file.
    Issue first detected:	54 secs ago.
    Severity:	Critical
    Status	New
    
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "EvalError|InternalError|RangeError|ReferenceError|StopIteration|SyntaxError|TypeError|URIError|decodeURI|decodeURIComponent|encodeURI|encodeURIComponent|eval|isFinite|isNaN|parseFloat|parseInt|JSON|Ma...". The infection type is: Suspicious eval with base64 decode.. This file was detected because you have enabled "Scan images, binary, and other files as if they were executable", which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.
    Tools:
    View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve:
    I have fixed this issue Ignore until the file changes. Always ignore this file.
    

    For troubleshooting, I deactivated all other plugins (including BPS Pro) except Wordfence and reset all .htaccess files to a minimal version, so they do not block anything. Hence, I have a clean WordPress installation with only Wordfence installed, which is not able to exclude a single file from being scanned. As I removed any other possible causes, I think the issue is a bug within Wordfence. As I’m not a premium Wordfence user, I decided to post it here, in case you want to fix it. Meanwhile I just deactivate “Scan images, binary, and other files as if they were executable”, but of course this is not really a meaningful way to “work around” the issue…

    Best wishes,
    Urs

Viewing 1 replies (of 1 total)
  • Hi Urs,
    Another workaround could be just excluding this backup directory from the scan, so for example adding something like:
    /wp-content/bps-backup/autorestore/wp-content/themes/Avada/*
    to “Exclude files from scan that match these wildcard patterns” should be fine.

    I’m saying that because I tried to reproduce this issue but I couldn’t; I got the “Always ignore this file” button working fine, so perhaps you can email me this file at “alaa [at] wordfence [dot] com” and I’ll give it another try.

    Thanks.

  • The topic ‘Always ignore this file – bug’ is closed to new replies.
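
Before excluding the whole backup directory from scans as suggested in the reply above, it is worth confirming that each backup copy is byte-identical to the live theme file it mirrors. The following is an added example, not part of the thread and not Wordfence or BPS Pro code; it assumes the backup tree mirrors the live tree path for path (inferred from the reported file path), and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large theme assets are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_backup(backup_root, live_root):
    """Return (identical, differs, backup_only) lists of relative paths."""
    identical, differs, backup_only = [], [], []
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            backup_file = os.path.join(dirpath, name)
            rel = os.path.relpath(backup_file, backup_root)
            live_file = os.path.join(live_root, rel)
            if not os.path.isfile(live_file):
                backup_only.append(rel)   # no live counterpart: review by hand
            elif sha256_of(backup_file) == sha256_of(live_file):
                identical.append(rel)     # same bytes as the live theme file
            else:
                differs.append(rel)       # backup and live copy have diverged
    return sorted(identical), sorted(differs), sorted(backup_only)

def build_constructed_site(root):
    """Constructed sample tree: a live theme and its mirrored backup."""
    live = os.path.join(root, "wp-content/themes/Avada")
    backup = os.path.join(root, "wp-content/bps-backup/autorestore", "wp-content/themes/Avada")
    samples = {  # relative path -> (live bytes, backup bytes); None = absent
        "ace_editor/mode-php.js": (b"var kw='eval|isNaN';", b"var kw='eval|isNaN';"),
        "functions.php": (b"<?php // live", b"<?php // changed in backup"),
        "extra.php": (None, b"<?php // only in backup"),
    }
    for rel, (live_data, backup_data) in samples.items():
        for base, data in ((live, live_data), (backup, backup_data)):
            if data is not None:
                path = os.path.join(base, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
    return backup, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_backup(*build_constructed_site(tmp)))
```

Files reported as differing or present only in the backup are the ones to inspect before adding the directory to the exclusion list.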