Support » Plugin: Wordfence Security - Firewall & Malware Scan » Yandex – False positive ?

  • Resolved pitichampi

    (@pitichampi)


    Hi

    We have many sites with Yandex installed. The tracking pixel has been considered malicious code by Wordfence for the past few hours.
    It creates a lot of false positives and alerts, which could obfuscate true positives.

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "<img src="https://mc.yandex.ru/watch/xxxxxx" alt="" />". The infection type is: Spam:HTML/lgwmy.

    • This topic was modified 2 years, 7 months ago by pitichampi.
Viewing 6 replies - 1 through 6 (of 6 total)
  • I have the same problem)))

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "<img src="https://informer.yandex.ru/informer/41806809/3_1_FFFFFFFF_EFEFEFFF_0_pageviews" style="width:88px; height:31px; border:0;" alt="Яндекс.Метрика" title="Яндекс.Метрик\xd0...". The infection type is: Spam:HTML/lgwmy.


    Can’t you just exclude it from scans? In my case, I don’t want anything to do with Yandex and block them in any way possible; I’m glad Wordfence catches that. A while back, the Yandex crawler hit my sites so hard I ran out of bandwidth and my server shut down; it was essentially a DoS attack. Didn’t appreciate it. MTN

    Ignoring is easy but isn’t the way I solve issues. I could just not report it either and leave people wondering whether they were alone or anything.
    I think that, when a piece of software’s behaviour is wrong, the dev team and the community of users might want to be aware of the issue, and then have better software with a better UX.
    But that’s just a developer’s opinion…
    And maybe this isn’t a false positive and there is a real attack mimicking Yandex code, correctly reported by Wordfence.

    Hi @pitichampi
    Thanks for bringing this issue to us, I’ve reported this one to our dev team and they are working on it to see if there is any workaround to exclude this code from future scans.

    For now, adding this file to “Exclude files from scan that match these wildcard patterns” should work as a -temporary- fix.

    Thanks.

    Hi guys!
    Could you please run a new scan and re-check this issue? I got an update from the dev team that this should not be reported now.

    Thanks.

    I have no issues with Yandex and everything seems OK))
    Thanks)

  • The topic ‘Yandex – False positive ?’ is closed to new replies.