• Hi all,
    sorry if I missed a topic of this one, but looked for some days and can’t find it. My question is I guess very simple.
    Logs of iThemes show that several 1000 files were added to my site without upgrading any plugins by myself. The files mentioned are for example includes/requests, css, js, images, plugins etc. etc. Nothing strange about the files, but is this normal?

    More information: no strange files or attempts or anything like that found, the files were added when I didn’t work on the site.

    Hope to receive a reaction..
    thanks!

Viewing 12 replies - 1 through 12 (of 12 total)
  • The first File Change Detection scan ever run on your site will always report ALL files as Added…

    This is because the first File Change Detection scan has nothing to compare with.

    A File Change Detection scan compares the current state of your site files with a file list which was stored in the MySQL database by the previous File Change Detection scan.

    Sometimes a site is made up out of so many files that due to MySQL database size limitation(s) the file list fails to be stored in the database (it’s a lot of data to handle in a single MySQL statement). This effectively results in every File Change Detection scan producing the same result … (as if it is run for the first time).

    To identify this specific situation visit the Logs page and filter for File Change Detection entries. If there are multiple consecutive entries with only 1000s of files Added (0 Removed, 0 Changed) then it’s likely you are hitting a MySQL database size limitation issue.

    Last but not least, once the File Change Detection module is enabled a scan can be triggered by anyone accessing your site.
    On every page request (frontend or backend) the iTSec plugin checks whether the current time is past the File Change Detection scheduled time, and if so a scan is automatically run.

    • This reply was modified 6 years, 10 months ago by nlpro.

    This function does not work when this plugin is a fake! you can put test engines to check all the files! after viewing the weight of the entire folder afterwards if you want to lock everything in the archive to believe HAS SUM! after neither doing any changes after any time check again and about the MIRACLE plugin finds a bunch of changes! I am a MASTER in the field of security and I really do not like when the community is being deceived!
    https://c.radikal.ru/c36/1805/42/f90237989011.png

    • This reply was modified 6 years, 10 months ago by kot41.

    @kot41

    Are you using Google Translate to translate Russian into English ?
    I’ve read several of your posts on this forum and with every post I find it very difficult to understand what you are saying.

    If not using Google Translate please try and add your post in English and Russian.

    I don’t speak or read Russian but maybe someone who does can then add a proper English translation.

    (translated from Russian) This function does not work in this plugin and is a FAKE! It is very easy to check!
    You need to install the plugin on a test engine and check the files! After that, check the size of the folder itself,
    then you can compress it all into an archive and check the hash sum of the archive! After that, make no changes at all,
    check for changes with the plugin again and, a MIRACLE, it finds a huge number of changes!

    (I’ve tagged this post with modlook, which means a forum moderator will have a look at this).

    Would it be possible to get a decent translation of the last post added in Russian ?

    I’ve looked around on www.remarpro.com but I could not find a procedure for requesting a post translation. So I decided to do it this way. I’ve run the text from the post through Google translate but the resulting translation is not good enough to understand properly what the post is about.

    Moderator Yui

    (@fierevere)

    永子

    Would it be possible to get a decent translation of the last post added in Russian ?

    sure, here you go

    this function does not work with this plugin and is a fake
    you can easily test this!
    Do a test install and check files, then check folder size.
    Compress everything into archive and check its hash sum. Don’t do any changes after that.
    Check changes using plugin. a WONDER – a lot of changes!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Removes modlook*

    @kot41

    Compress everything into archive and check its hash sum. Don’t do any changes after that.

    I think this needs a bit of clarification.

    Let’s assume we have a folder with 100 .php files.
    So we “Compress everything into archive”. What is the result ?

    a. A folder with 100 .php files and 1 archive file (100 + 1 = 101 files).
    b. A folder with only 1 archive file (100 – 100 + 1 = 1 file).

    Check changes using plugin. a WONDER – a lot of changes!

    Please specify what changes the iTSec plugin reports. Specify # Added, # Removed, # Changed files. Like:

    (a) 1 Added, 0 Removed, 0 Changed.
    (b) 1 Added, 100 Removed, 0 Changed.

    • This reply was modified 6 years, 10 months ago by nlpro.

    (translated from Russian) nlpro, in my opinion it is useless to explain anything to you here; you have clearly set yourself the task of misleading users! However you check it, this function does not work and is a FAKE! Because, having installed it on a freshly downloaded WordPress and checked everything without changing anything, this plugin will still show changes. Here, more than 100 developers tested this plugin and could call this function nothing other than fake! If LINUX and GNU had gone your way in their day, those projects would not exist! One should test and check everything more, rather than write empty words on forums! This is my personal opinion; I wish everyone goodness and peace!

    Thread Starter baardemakers

    (@baardemakers)

    okay…while reading your comments I guess the plugins are doing their work, because everything is still okay..I understand the first comment..meanwhile files are removed and changed ..again..with no harm done. I will leave it enabled and check if there are any strange changes or attempts. The IP address is still the same one. For me the first time therefore thank you for your comments.

    @baardemakers

    First of all apologies for the off topic posts. Unfortunately it’s unclear what our Russian friend has to say. Without any clear information to back up his findings (it seems to be related to file compression causing false positives) it’s probably best to just ignore him.

    There is one last piece of info I’d like to share with you regarding file changes detected by the File Change Detection feature.

    I know there are plugins that regularly write data to files. So these file changes will constantly be reported by the File Change Detection feature, unless … you exclude those files or folders from the scan.

    There is no point in having the File Change Detection feature report file changes all the time of files that you know are modified constantly.
    They are basically false positives.

    One last piece of info. In the next release of the free plugin (it’s already included in the Pro premium plugin, 5.1.3 release) the File Change Detection scan engine will be COMPLETELY rewritten. Who knows, it will maybe solve our Russian friend’s problem.

    That is basically the reason why I was genuinely interested in what he had to say. He may have a valid point. Just wanted to make sure I understood what the issue is so I can then test it while using the rewritten scan engine in the latest Pro plugin. Anyway our Russian friend claims he is a “MASTER in the field of security” so we’ll just let him figure it out
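The scan comparison described in the replies above (a first scan with nothing to compare against, a file list that fails to be stored, and excluding files that are rewritten constantly), as an added example that is not part of the thread and is not the iThemes Security plugin's code. It assumes SHA-256 content hashes as the file fingerprint; `store`, its `max_entries` limit (a stand-in for the database size limitation) and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root, exclude=()):
    """Map relative path -> SHA-256 for every file under root, skipping excluded folders."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if any(rel == e or rel.startswith(e.rstrip("/") + "/") for e in exclude):
                continue
            with open(full, "rb") as fh:
                files[rel] = hashlib.sha256(fh.read()).hexdigest()
    return files

def compare(previous, current):
    """Return (added, removed, changed) path lists: previous file list vs. current scan."""
    added = sorted(set(current) - set(previous))
    removed = sorted(set(previous) - set(current))
    changed = sorted(p for p in current.keys() & previous.keys() if current[p] != previous[p])
    return added, removed, changed

def store(file_list, max_entries):
    """Hypothetical storage step: an oversized list is not saved, so the next scan reads nothing."""
    return dict(file_list) if len(file_list) <= max_entries else {}

def demo():
    # Constructed sample tree: two static files and one file a plugin keeps rewriting.
    tree = {"index.php": "<?php // a", "wp-includes/x.php": "<?php // b", "cache/stats.log": "0"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in tree.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        first = snapshot(root)
        out = {"first_scan": compare({}, first)}            # nothing to compare with
        saved = store(first, max_entries=10)                 # list fits and is stored
        out["second_scan"] = compare(saved, snapshot(root))
        out["storage_failed"] = compare(store(first, max_entries=2), snapshot(root))
        filtered = snapshot(root, exclude=("cache",))        # file list taken with the exclusion
        with open(os.path.join(root, "cache/stats.log"), "w") as fh:
            fh.write("1")                                    # the plugin rewrites its file
        out["cache_write"] = compare(saved, snapshot(root))
        out["cache_excluded"] = compare(filtered, snapshot(root, exclude=("cache",)))
    return out

if __name__ == "__main__":
    print(demo())
```
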

    (translated from Russian) nlpro, run the test like this! Download WordPress, do NOT install any other plugins, install only this one plugin, iThemes Security, and let the system run! You will see everything for yourselves!

  • The topic ‘files changing with only adding’ is closed to new replies.