ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

sucuri-settings.php

https://mail.forum.configserver.com/viewtopic.php?t=10749

Page 1 of 1

sucuri-settings.php

Posted: 21 Mar 2018, 18:07
by happydog
As of today I am getting hundreds of "Hit" emails out of the blue regarding the Wordpress plugin file:

'/wp-content/uploads/sucuri/sucuri-settings.php'

(quarantined to /home/quarantine/cxsuser/[user]/sucuri-settings.php.1521654621_1) Known exploit = [Fingerprint Match]

The quarantined file contains the following file contents:

<?php exit(0); ?>
{"sucuriscan_lastlogin_redirection":"enabled","sucuriscan_revproxy":"disabled"}

Perhaps there was a rules update last night, and if so, are these all false positives? Anyone else getting this today?

Greg

Re: sucuri-settings.php

Posted: 21 Mar 2018, 18:11
by ForumAdmin
Please see:
https://blog.configserver.com/?p=3234

Re: sucuri-settings.php

Posted: 21 Mar 2018, 18:31
by happydog
Thanks! That seemed to fix it. I was wondering - when something mission critical happens like that that had us scurrying around trying to figure out what was going on - do you have an alert list we can sign up for that would have sent an email to registered users? I searched the forum before submitting my post but never found the "cxs False Positives" post. Regardless, thanks for the great software. We couldn't live without it!

Re: sucuri-settings.php

Posted: 21 Mar 2018, 18:33
by ForumAdmin
The best thing to do is to sign up to our blog either by the RSS feed or the twitter account (see the blog).

Re: sucuri-settings.php

Posted: 21 Mar 2018, 18:39
by happydog
Will do, thanks!
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited