File check – false positive?

  • Resolved nicolaottomano

    (@nicolaottomano)


    5 years, 4 months ago

    Hi,
    yesterday, for the second time in 2 weeks, I received the [NinjaFirewall] Alert: File Guard detection notifications.
    Then I downloaded via FTP all the files involved and found that no one has changed (I checked them via WinMerge with my weekly backup).
    Then I looked at the “modified date/time” property of the files on server and found that the date is still the same.

    Could it be a false positive?

    Nicola

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    On your server, the date and time you’ll see is likely the mtime, not the ctime used by NinjaFirewall.
    mtime: Stands for “modification time”, i.e., the content of the file was modified.
    ctime: Stands for “change time”, i.e., same as above and also any change including file permissions, ownership (uid, gid) etc.
    You can check your file with this script. Just add its full path to the $file variable:

    <?php

$file = '/foo/bar/script.php';

header('Content-type: text/plain');
$stats = stat( $file );
print_r( $stats );
    Thread Starter nicolaottomano

    (@nicolaottomano)

    @nintechnet thanks for your kind reply.

    I checked one of the files and, indeed, while the mtime is correct (1550849335 -> 22/2/2019, 16:28:55) the ctime has changed to 1563390311 -> 17/7/2019, 21:05:11

    So definitely seems not a false positive but now I guess what could have been changed the ctime, because I haven’t updated/changed anything on the server for at least one month :-/

    Nicola

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘File check – false positive?’ is closed to new replies.