“malicious executable code”

  • Resolved jess888

    (@jess888)


    6 years, 11 months ago

    I am getting this warning from WordFence on a few of my sites that have AIO installed:

    This file may contain malicious executable code: wp-content/plugins/all-in-one-wp-migration-ftp-extension/lib/vendor/sftp-factory/sftp-factory/vendor/phpseclib/Crypt/Base.php
    Type: File
    Issue Found April 27, 2018 10:41 am
    Critical

    Let me know if this is a false alarm. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Yani

    (@yaniiliev)

    @jess888

    The file is part of this project: https://github.com/phpseclib/phpseclib which is included in FTP Extension.
    You could write to WordFence to find out what they have detected.
    IMO it is a false alarm but you want to ask WordFence to make sure everything is OK.

    Thread Starter jess888

    (@jess888)

    Here is what it says:

    Filename: wp-content/plugins/all-in-one-wp-migration-ftp-extension/lib/vendor/sftp-factory/sftp-factory/vendor/phpseclib/Crypt/Base.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file is a PHP executable file and contains the word “eval” (without quotes) and the word “unpack(” (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans. This file was detected because you have enabled HIGH SENSITIVITY scanning. This option is more aggressive than the usual scans, and may cause false positives.

    Thread Starter jess888

    (@jess888)

    Checking in on this – is this a false alarm?

    Plugin Author Yani

    (@yaniiliev)

    @jess888

    False alarm.

    Thread Starter jess888

    (@jess888)

    Thanks for letting me know.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘“malicious executable code”’ is closed to new replies.

Tags