• Resolved ArtDbc

    (@davon69)


    Hello,
    I just want to confirm if this is a false positive?

    This file may contain malicious executable code: wp-content/plugins/backwpup/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    Type: File

    Filename: wp-content/plugins/backwpup/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file is a PHP executable file and contains the word “eval” (without quotes) and the word “unpack(” (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives

    I’m on high sensitive scanning since 2 months, this is the first time the file is detected!
    But I found this topic about the same file.
    So I think I can ignore this, but before doing it, I want to be sure I can.
    Please let me know.

    Best,
    Arthur

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hello Arthur,

    Thanks for writing in! I suggest doing a quick comparison between the copy of that file you have on the server and the author original one here, you can do a quick lookup for the eval and unpack functions only. If the lines are the same then it’s totally fine to ignore this issue, otherwise you need to investigate this issue in details.

    When it comes to “High Sensitivity” scans, you need to double check the results in more details, that’s why we recommend enabling this mode when cleaning an already infected website.

    Thanks.

    Hello!

    I hope we were successful in helping you resolve your issue with Wordfence! Since we have not heard back from you in the past 2 weeks I will now be marking this support thread as resolved. However, if we still haven’t resolved your issue please reach out to us as we would be more than happy to further assist you!

    Thanks and have a great day!
    Chloe

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘False Positive – Base.php on BackWPUp’ is closed to new replies.