Skip Navigation

[Resolved] suspect plugin files routinely noted in site scan

This support ticket is created 5 years, 6 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 9:00 – 12:00 -
- 13:00 – 18:00 13:00 – 18:00 13:00 – 18:00 14:00 – 18:00 13:00 – 18:00 -

Supporter timezone: America/Jamaica (GMT-05:00)

This topic contains 6 replies, has 2 voices.

Last updated by Shane 5 years, 5 months ago.

Assisted by: Shane.

Author
Posts
#1258397

I routinely get a msg from my server host re. suspect files as part of my Toolset plugins...see below. How may I resolve? Thanks, Jim P.

***

We're alerting you to the latest security scan of your website.

For each issue, we have included a filepath to the location of the suspect code, along with a brief description of the type of issue:

'/home/jimproct/public_html/wp-content/plugins/layouts/vendor/toolset/toolset-common/visual-editor/res/js/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]
'/home/jimproct/public_html/wp-content/plugins/types/vendor/toolset/toolset-common/visual-editor/res/js/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]
'/home/jimproct/public_html/wp-content/plugins/types/vendor/toolset/types/embedded/classes/path.php'
# Regular expression match = [symlink\s*\(]
'/home/jimproct/public_html/wp-content/plugins/types-access/vendor/toolset/toolset-common/visual-editor/res/js/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]
'/home/jimproct/public_html/wp-content/plugins/wp-views/vendor/toolset/toolset-common/visual-editor/res/js/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

Suspicious Files: We found 5 suspicious file(s). This may indicate a potential threat, such as questionable code, or code that may be hackable, such an outdated plugin or version of code.

Please remedy the issue(s) as soon as possible. If not fixed, we may need to suspend your website, as code exploits or viruses present a risk to our network and other customers. If you aren't sure how to fix the issue(s) or do not have a webmaster, please contact us and we can provide you a quote to resolve these issues for you.
#1258801

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Jim,

Thank you for getting in touch.

I've escalated this to our 2nd tier supporters and currently waiting on a response from them.

Thanks,
Shane

#1279653

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Jim,

Posting an update here as our team mentioned this as a false alarm.

The advise was that for you to inform your hosts that this is a false alarm, secondly would it be possible to put us in contact with your host or the team that is responsible for the security side of your site ?

This way our team can get in touch with them as well.

Thanks,
Shane

#1279685

Okay, I"ve forwarded to the server host support team, and will get back in touch when I hear from them.

Jim P.

#1279691

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Thanks Jim

#1284469

Just to let you know, I haven't heard back from them, so would appreciate if we keep this thread open for my updates.

Thanks,

Jim P.

#1285023

Shane
Supporter

Languages: English (English )

Timezone: America/Jamaica (GMT-05:00)

Hi Jim,

The thread will remain open so long as there is a response at least once a week.

Thanks,
Shane