Wordfence alert messages

WP-Filebase Pro Forums General Support Wordfence alert messages

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #4474
    Maria
    Participant

    Wordfence security plugin delivered 9 alert messages after the last update:
    for instance: File appears to be malicious: wp-content/plugins/wp-filebase-pro/classes/AdminLite.php

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fBA\x4cS”}[“.

    can i just ignore this? the downloaded current zip version of the plugin has such encoded parts as well.

    #4480
    Carlos2
    Participant

    I have received similar alerts from Wordfence Version 5.3.8 also.

    Website: eiki.com

    WP-Filebase Pro Version 3.2.11

    I have manually deleted and re-installed WP-Filebase Pro Version 3.2.11 and re-scanned. The same malicious files and malicious text is reported.

    1.Filename: wp-content/plugins/wp-filebase-pro/classes/Sync.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47L\x4fB\x41\x4cS”}[“.

    2. Filename: wp-content/plugins/wp-filebase-pro/classes/Admin.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fBA\x4cS”}[“.

    3.Filename: wp-content/plugins/wp-filebase-pro/classes/AdminGuiManage.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47L\x4fB\x41L\x53”}[“.

    4. Filename: wp-content/plugins/wp-filebase-pro/sync.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    he text we found in this file that matches a known malicious file is: “${“\x47LO\x42\x41L\x53”}[“.

    5. Filename: wp-content/plugins/wp-filebase-pro/classes/EmbeddedForm.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47\x4cOB\x41\x4cS”}[“.

    6. Filename: wp-content/plugins/wp-filebase-pro/classes/Output.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fBA\x4cS”}[“.

    7. Filename: wp-content/plugins/wp-filebase-pro/classes/ProLib.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fB\x41LS”}[“.

    8. Filename: wp-content/plugins/wp-filebase-pro/classes/AdminLite.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fBA\x4cS”}[“.

    9. Filename: wp-content/plugins/wp-filebase-pro/extras/pdf-utils.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 hours 57 mins ago.
    Severity: Critical
    Status New
    The text we found in this file that matches a known malicious file is: “${“\x47L\x4fBA\x4c\x53”}[“.

    Concerned!

    John

    #4596
    Fabian
    Participant

    Hi,

    its a false detection. WP-Filebase Pro uses code obfuscation to protect the code that handles Licensing. Its free from malicious code, but Wordfence might recognize it as an infection because of the obfuscation pattern. Hackers usually add their code obfuscated.

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.