Support » Plugin: IP Geo Block » Infected file: random_bytes_mcrypt.php

  • Resolved afuentest

    (@afuentest)


    Hello!
    I ran a scan with siteguarding.com and got this result:
    Infected file: /wp-content/plugins/ip-geo-block/includes/random_compat/random_bytes_mcrypt.php
    Malware Type: php.var.function.14

    I use this plugin on many of my sites, so I am deeply concerned about this, since the same scanning service gave the same result for others of my sites on different hosting services.
    Is this a false positive? Is there something else I should do?
    Thanks!!

  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @afuentest,

    Thank you for the information. But don’t worry about it. siteguarding.com may be reporting a false positive. Let me explain the technical details.

    In 3.0.14, “an emergency login link” was added. This feature should be “cryptographically secure” which is done by random_bytes(), but it needs PHP7+.

    So for downward compatibility, this plugin includes paragonie/random_compat, which provides random_bytes() under PHP 5.x, and this library includes mcrypt_create_iv(), which is not supported on PHP 7.2+.

    Furthermore, PHP Compatibility Checker reports a warning for the usage of “mcrypt_create_iv()”, which is a false positive in this case because it is never used on PHP7+.

    So I modified some code in “/wp-content/plugins/ip-geo-block/includes/random_compat/random_bytes_mcrypt.php” as follows:

    Original:

    /** @var string|bool $buf */
    $buf = @mcrypt_create_iv((int) $bytes, (int) MCRYPT_DEV_URANDOM);

    Modified:

    /** @var string|bool $buf */ /* MCRYPT_DEV_RANDOM:0, MCRYPT_DEV_URANDOM:1 */
    $fnc = implode('_', array('mcrypt', 'create', 'iv'));
    $buf = @$fnc((int) $bytes, (int) 1 /*MCRYPT_DEV_URANDOM*/);

    I think that’s why siteguarding.com reported this type of code as “php.var.function”. But this is definitely safe and not malware.

    P.S. WordPress 4.4+ also includes “random_compat” and “mcrypt_create_iv()”.

    OK, I’ll find a smarter solution for this issue in a future version.

    Thanks for the heads-up!

    • This reply was modified 10 months, 4 weeks ago by tokkonopapa.
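The reply above explains that the rewritten call goes through a variable ($fnc) rather than a literal function name, which is the pattern a "variable function" signature is likely keyed on. The following is an added triage helper, not code from the plugin or from anyone in this thread; it assumes that "php.var.function" flags calls of the form $name(...) and uses PHP's token_get_all() to list such calls with their line numbers so a reviewer can see exactly what fired and judge whether the callee is constant or attacker-controlled.

```php
<?php
// Added example: list calls made through a variable ($name(...)) in a
// PHP source string. Assumption: this is the heuristic behind a
// "php.var.function" style signature; the real scanner's rule is not
// published on the page.

function find_variable_function_calls(string $source): array {
    $hits   = [];
    $tokens = token_get_all($source);
    $count  = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok) || $tok[0] !== T_VARIABLE) {
            continue;
        }
        // Skip whitespace and comments between the variable and the next token.
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j])
               && in_array($tokens[$j][0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $j++;
        }
        // A variable immediately followed by "(" is a call through that variable.
        if ($j < $count && $tokens[$j] === '(') {
            $hits[] = ['line' => $tok[2], 'variable' => $tok[1]];
        }
    }
    return $hits;
}

// Constructed sample: the modified snippet from the reply above, wrapped in
// a function so it is valid stand-alone PHP (nowdoc, so $vars are literal).
$sample = <<<'PHP'
<?php
function sample($bytes) {
    /** @var string|bool $buf */ /* MCRYPT_DEV_RANDOM:0, MCRYPT_DEV_URANDOM:1 */
    $fnc = implode('_', array('mcrypt', 'create', 'iv'));
    $buf = @$fnc((int) $bytes, (int) 1 /*MCRYPT_DEV_URANDOM*/);
    return $buf;
}
PHP;

foreach (find_variable_function_calls($sample) as $hit) {
    printf("line %d: call through variable %s\n", $hit['line'], $hit['variable']);
}
```

A hit is only a lead: here the callee is assembled from fixed string literals, so a reviewer can confirm it always resolves to mcrypt_create_iv() and is not influenced by any input.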
    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @afuentest and all,

    I adopted @codingStandardsIgnoreLine in version 3.0.17.1 to ignore the warning from PHP Compatibility Checker.
