Wordfence Security
[resolved] Malicious Attempt to Access Your Hosting Account "xxx" is Detected (9 posts)

  1. cloudduster
    Member
    Posted 1 year ago #

    I received a lengthy email from my host and at the bottom of it, this text

    '[PHP Exploit [P0167]]': /home/xxx/public_html/addonsites/xxx/wp-content/plugins/wordfence/readme.txt

    I'm more inclined to believe that this is a false positive, right?

    http://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,

    Thanks for the report. Yes, it's almost certainly a false positive. I Googled around and didn't find any info on P0167 other than a few random results that made no sense. Can you ask your host what exactly they're picking up on in our readme.txt and I'll get that fixed so it doesn't show up as a false positive.

    My guess is it's one of the malicious script names we mention in the readme.txt which we list as the scripts we scan for that it may be detecting - perhaps a mere mention of the name triggers their scanning software.

    Regards,

    Mark.

  3. cloudduster
    Member
    Posted 1 year ago #

    My hosting company confirmed that this is a false positive but is unable to whitelist any references to 'wordfence/readme.txt' because it could be used by some malware to inject code into similar files in order to get whitelisted.

  4. cloudduster
    Member
    Posted 1 year ago #

    Update:

    The Read Me file was marked as suspicious by a security system called 'ConfigServer eXploit Scanner'.
    The Wordfence author can contact them at http://configserver.com/contact.html, since this exploit scanner is rather popular at hosting companies.

  5. leehodson
    Member
    Posted 1 year ago #

    This is a recurring issue for me too. Keep getting malicious exploit notices re readme.txt from my host's virus scanner. This began about 2 weeks ago. I'm using Namecheap as my host.

  6. morcom
    Member
    Posted 1 year ago #

    This also just started for me this week on 4 of my sites and I'm also using Namecheap.

  7. davidyurchuk
    Member
    Posted 1 year ago #

    I received a notice, as well. I also use NameCheap. I'm assuming that since it is only a read-me file, it doesn't affect functionality of the plug-in. However, I don't want any negative impressions with my hosting provider that my sites are vulnerable to attacks.

    Any updates on this issue? Thanks!

  8. davidyurchuk
    Member
    Posted 1 year ago #

    http://www.wordfence.com/blog/2013/09/wordfence-flag-theme-plugin-malicious-url/

    This seems to address the issue. I currently have the file quarantined. I think I'll just leave it there. :)

  9. leehodson
    Member
    Posted 1 year ago #

    This still happens to me every time I update Wordfence in every site I have installed on the server.

    I love that Namecheap takes security seriously (unlike some hosts) but the Wordfence Readme file being quarantined every time it is uploaded does bug me.

Topic Closed

This topic has been closed to new replies.
