Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Consistent daily email alerts but Dashboard shows clean core

  • Resolved jamesvg

    (@jamesvg)


    Plugin version 1.8.1.

    Server environment is load-balanced and replicating via rsync.

    We’re getting daily Sucuri emails about a healthcheck.html file on the system. The IP listed on the email is the load balancer IP. The file is part of the rsync setup and a known addition to the core.

    When we view the Sucuri Dashboard, no files are listed — the core reports as clean.

    We’ve enabled and added the file’s specific path (same on both servers) to the Ignore list.

    Still, the email alerts keep coming.

    Is there anything we can to prevent this file from generating these alerts?

    Thanks.

    — James

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author yorman

    (@yorman)

    That sounds like a bug, but can’t confirm at the moment. If the email alerts have “Core Integrity Check” or something similar in the title you can trick the plugin to stop sending alerts about that file, which clearly is a false / positive.

    You can do that by creating the file in the same location that the plugin is showing, then go to the plugin’s dashboard and under the “Core Integrity” panel you should see the filename, select it and choose the option (at the bottom of the table) named “Mark as fixed”, this will force the plugin to ignore the file during the future scans.

    Let me know if it works for you.

    Thanks for the suggestion, but it seems like the problem might be different.

    We investigated a little further and found the following.

    First, the healthcheck.html file always exists in the system.

    When we access the admin via our client’s VPN the healthcheck.html file is listed in the Ignore Scanning list and the Core Integrity report is clean.

    When we access the admin from outside the VPN the healthcheck.html is NOT listed in the Ignore Scanning and the Core Integrity shows the healthcheck.html as “Added, not fixable”. Additionally, if we try to add the /path/to/healthcheck.html when outside the VPN, we get a write-access error.

    It’s our guess that permissions on uploads/sucuri/sucuri-settings.php and/or sucuri-ignorescanning.php are getting in the way.

    If you have any other suggestions I’d be happy to give them a try, otherwise I might mark this as resolved.

    Plugin Author yorman

    (@yorman)

    Fixed with exception added with commit #18c52ff [1].

    [1] https://github.com/Sucuri/sucuri-wordpress-plugin/pull/29/commits/18c52ff

    Thank you kindly.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Consistent daily email alerts but Dashboard shows clean core’ is closed to new replies.