ConfigServer Community Forum

As of today I am getting hundreds of "Hit" emails out of the blue regarding the Wordpress plugin file:

'/wp-content/uploads/sucuri/sucuri-settings.php'

(quarantined to /home/quarantine/cxsuser/[user]/sucuri-settings.php.1521654621_1) Known exploit = [Fingerprint Match]

The quarantined file contains the following file contents:

<?php exit(0); ?>
{"sucuriscan_lastlogin_redirection":"enabled","sucuriscan_revproxy":"disabled"}

Perhaps there was a rules update last night, and if so, are these all false positives? Anyone else getting this today?

Greg

Please see:
https://blog.configserver.com/?p=3234

Thanks! That seemed to fix it. I was wondering - when something mission critical happens like that that had us scurrying around trying to figure out what was going on - do you have an alert list we can sign up for that would have sent an email to registered users? I searched the forum before submitting my post but never found the "cxs False Positives" post. Regardless, thanks for the great software. We couldn't live without it!

The best thing to do is to sign up to our blog either by the RSS feed or the twitter account (see the blog).

Will do, thanks!