WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Malicious Attempt to Access Your Hosting Account "xxx" is Detected

[Resolved] Malicious Attempt to Access Your Hosting Account "xxx" is Detected

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Wordfence

    @mmaunder

    Hi,

    Thanks for the report. Yes it’s almost certainly a false positive. I Googled around and didn’t find any info on P0167 other than a few random results that made no sense. Can you ask your host what exactly they’re pickup up on in our readme.txt and I’ll get that fixed so it doesn’t show up as a false positive.

    My guess is it’s one of the malicious script names we mention in the readme.txt which we list as the scripts we scan for that it may be detecting – perhaps a mere mention of the name triggers their scanning software.

    Regards,

    Mark.

    My hosting company confirmed that this is a false-positive but unable to whitelist any references to ‘wordfence/readme.txt’ because it could be used by some malware to inject codes to similar files in order to get whitelisted.

    Update:

    Read Me file was marked as suspicious by security system called ‘ConfigServer eXploit Scanner’.
    Wordfence author can contact them at http://configserver.com/contact.html , since this exploit scanner is rather popular at hosting companies.

    This is a recurring issue for me too. Keep getting malicious exploit notices re readme.txt from my host’s virus scanner. This began about 2 weeks ago. I’m using Namecheap as my host.

    This also just started for me this week on 4 of my sites and I’m also using Namecheap.

    I received a notice, as well. I also use NameCheap. I’m assuming that since it is only a read-me file, it doesn’t affect functionality of the plug-in. However, I don’t want any negative impressions with my hosting provider that my sites are vulnerable to attacks.

    Any updates on this issue? Thanks!

    What to do when popular plugins or themes contain malicious URLs.

    This seems to address the issue. I currently have the file quarantined. I think I’ll just leave it there. 🙂

    This still happens to me every time I update Wordfence in every site I have installed on the server.

    I love that Namecheap takes security serious (unlike some hosts) but the Wordfence Readme file being quarantined every time it is uploaded does bug me.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘[Resolved] Malicious Attempt to Access Your Hosting Account "xxx" is Detected’ is closed to new replies.