A file change was detected on your system…

Hi katiebuglove it could be that the captcha changes every time you try to login or in this instance submit a form through your website. This is what I suspect the security plugin has detected the changes in the captcha.

Regards

I used my ftp to look at the files located in plugins/contact-form… and the file name was different than the one that showed in the email alert. Then today, I got another email alert from All In One WP Security that the file had been deleted. I went back in to ftp and there is no “xxx”.php file in there at all.

I disabled “allow automatic updates” to secure contact form to see if this stops this file addition/deletion.

This seems very strange, as this didn’t start until I started getting lots of spam comments (all held for moderation, of course) from mostly Russian IP’s.

Thanks for getting back to me, mbrsolution!

? installed youre plugin and now ican’t join my ankarabirliknakliyat.com admin. Login failed because your IP address has been blocked. Please contact the administrator. Taht’s the message. What now? Please help.

Hi @katiebuglove so what is the conclusion so far? Is your issue resolved as per your comment…

I disabled “allow automatic updates” to secure contact form to see if this stops this file addition/deletion.

This seems very strange, as this didn’t start until I started getting lots of spam comments (all held for moderation, of course) from mostly Russian IP’s.

Regards

I haven’t received any more notifications so, so far so good…. Thanks for your concern.

Could you view the contents of the file involved: “…/wp-content/plugins/si-contact-form/captcha/cache/FzyxtXSahm6DdmbE.php”

I would hope that it is a simple bit of captcha support code, but if it is large and obscure, well then I would suspect that it is a hackers backdoor.

Please let us know what you find.

There is a new one today:

wp-content/plugins/si-contact-form/captcha/cache/O8WMt1prF4AMRa74.php

and it says:

<?php $captcha_word = ‘bM92’; ?>

In your opinion, is this normal behavior of Secure Contact Form? Maybe I need to get on their forum to find out. It only concerns me because I have had SCF for a long time and this is new behavior.

Thanks for your input, RossMitchell, I really appreciate it!

Hi @katiebuglove what’s in the cache file confirms what I stated in reply number 2. There is no harm so you can close this support ticket if you don’t require any more help.

Regards

Hello Katie, that looks like good news, just the kind of contents I would hope for. I am a little puzzled as to why they are using files rather than storing this in the database.

If you would like the plugin to ignore such file changes in the future you can enter the following in the Files/Directories To Ignore box on the file scanner settings page:
si-contact-form/captcha/cache/