sodium_compat and more flagged in error log

  • Resolved JustBruno

    (@justbruno)


    1 year, 9 months ago

    Hi,

    I am suddenly getting a threat from my error log with many lines highlighted. Here is the beginning of many lines:

    require_once()
#1 /home/walik/public_html/wp-includes/sodium_compat/autoload.php(45): require_once('/home/walik/p...')
#2 /home/walik/public_html/wp-includes/compat.php(335): require('/home/walik/p...')
#3 /home/walik/public_html/wp-settings.php(109): require('/home/walik/p...')
#4 /home/walik/public_html/wp-config.php(90): require_once('/home/walik/p...')
#5 /home/walik/public_html/wp-load.php(37): require_once('/home/walik/p...')
#6 /home/walik/public_html/wp-blog-header.php(13): require_once('/home/walik/p...')
#7 /home/walik/public_html/index.php(17): require('/home/walik/p...')

    Does this look right to you?

    Thanks!!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    This is probably a false positive but I’d like to be sure. Can you please send me the full log file so that I can check it and confirm this?

    I am very curious to know what there would be in a log file that would look like a known threat, especially if it’s many lines long, and there is nothing suspicious in the 7 line excerpt that you posted above.

    If possible, please attach the whole log file to an email so I can give you a better explanation:

    eli AT gotmls DOT net

    Plugin Author Eli

    (@scheeeli)

    Thanks for sending me that log file. Yes, that is a false positive.

    Those are some strange errors you are getting from Gravity Forms though. Even so, that code is not actually malicious as it is only snippets of a erroneous query and not in an executable format.

    Never the less, I have updated my definitions to exclude this unexpected pattern so you should not see this instance reported again.

    Thread Starter JustBruno

    (@justbruno)

    Thank you Eli !!!!!!

    ????????

    • This reply was modified 1 year, 9 months ago by JustBruno.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘sodium_compat and more flagged in error log’ is closed to new replies.