WordPress.org

Forums

NextGEN Gallery
WordFence detected possible malicious code in class.datamapper_driver_base.php (6 posts)

  1. anorris1
    Member
    Posted 11 months ago #

    G'day

    I don't think its anything to be concerned about. I'm ignoring the wordfence error for now. Even though I'm not a coder, I've looked over the file and think its OK. Tho it be good if you could use another method or work with wordfence so the code is not flagged. I didn't get this issue with the previous version just the new version after updating.

    Tho it be good if you could review your code so it doesn't get flagged by WordFence as a potential issue.

    Word fence error:
    This file may contain malicious executable wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/datamapper/class.datamapper_driver_base.php
    Filename: wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/datamapper/class.datamapper_driver_base.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 1 day 21 hours ago.
    Severity: Critical
    Status Ignoring this file until it changes
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode(' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    https://wordpress.org/plugins/nextgen-gallery/

  2. photocrati
    Member
    Plugin Author

    Posted 11 months ago #

    @anorris1 - You are fine to ignore this. Thanks for bringing it to our attention but our use of base64/eval in this case is legitimate.

    - Cais.

  3. anorris1
    Member
    Posted 11 months ago #

    Thats fine are you are able to not use base64/eval so it doesn't get flagged?

  4. photocrati
    Member
    Plugin Author

    Posted 11 months ago #

    @anorris1 - We are doing a general review but aside from obscuring the base64/eval calls just so WordFence doesn't flag them doesn't seem to be the right approach.

    Perhaps WordFence needs to look at their algorithms regarding the use of base64/eval codes?

    - Cais.

  5. anorris1
    Member
    Posted 11 months ago #

    Hackers use base64/eval to hide their code, so as much as I agree with you it would be good if you could use a method/code that isn't used by hackers... thus preventing false positive in security plugins etc.

    Of all the plugins used. Nextgen is the only one being flagged....

    I've asked WordFence but they just want me to ignore it rather do anything on their part :(. So my only hope is that you can change the code to something that doesn't result in false positives.

  6. photocrati
    Member
    Plugin Author

    Posted 11 months ago #

    @anorris1 - As I noted, I put it over to our developers to review but we are not doing anything wrong in the code itself ... even if "hackers" like to use similar constructs.

    - Cais.

Reply

You must log in to post.

About this Plugin

  • NextGEN Gallery
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic