Possibly False Positive - SMW-INJ-19608-htaccess.bkdr.wshll-1


  • Possibly False Positive - SMW-INJ-19608-htaccess.bkdr.wshll-1

    We've received reports from a customer that the .htaccess files on their cPanel server are infected by SMW-INJ-19608-htaccess.bkdr.wshll-1; however, the content doesn't appear malicious:

    <FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
    Order allow,deny
    Deny from all
    </FilesMatch>
    <FilesMatch "^(postfs.php|votes.php|wjsindex.php|lock666.php|font-editor.php|ms-functions.php|contents.php|jsdindex.php|load.php|xmlrpcs.php|container.php|entity.php|header.php|style.php|constant.php|access.php|locale.php|uninstall.php|themes.php|wp-login.php|scindex.php|wp-load.php|admin.php|settings.php|lofter.php|wp-crons.php|activate.php|router.php|repeater.php|wp-scripts.php|wp-study.php)$">
    Order allow,deny
    Allow from all
    </FilesMatch>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]
    </IfModule>

  • #2
    Sorry, disregard, it was malicious.



    • #3
      Yeah, those .php files in a list look strange.

      Anyway, if you find something similar, feel free to send us a false-positive request for a check per https://docs.imunify360.com/command_...false-negative. Example command:

      Code:
      imunify360-agent submit false-positive --reason <reason> <file>

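
As an added example (not part of the thread and not Imunify360's signature logic), here is a heuristic triage check for the structure in the first post: a `FilesMatch` block that denies script extensions, followed by one that re-allows a list of named PHP files. The function names, the `min_names` threshold and both sample inputs are assumptions constructed for illustration.

```python
import re

# Constructed sample: same structure as the first post, with a shortened name list.
SAMPLE = """<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(votes.php|wp-crons.php|wp-login.php|wp-load.php)$">
Order allow,deny
Allow from all
</FilesMatch>
"""
# Constructed benign sample: a rewrite block only, no FilesMatch rules.
BENIGN = """<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule . index.php [L]
</IfModule>
"""

BLOCK_RE = re.compile(r'<FilesMatch\s+"([^"]*)"\s*>(.*?)</FilesMatch>', re.I | re.S)
# Apache 2.2 style and 2.4 style access directives, lowercased and tokenized.
DENY = (["deny", "from", "all"], ["require", "all", "denied"])
ALLOW = (["allow", "from", "all"], ["require", "all", "granted"])

def parse_blocks(text):
    """Return (pattern, action) per FilesMatch block; action is 'deny', 'allow' or None."""
    blocks = []
    for pattern, body in BLOCK_RE.findall(text):
        action = None
        for line in body.splitlines():
            words = line.lower().split()[:3]
            if words in DENY:
                action = "deny"
            elif words in ALLOW:
                action = "allow"
        blocks.append((pattern, action))
    return blocks

def allowed_php_names(pattern):
    """Literal .php names from an anchored alternation such as ^(a.php|b.php)$."""
    m = re.fullmatch(r"\^\((.*)\)\$", pattern)
    names = m.group(1).split("|") if m else []
    return [n for n in names if n.lower().endswith(".php")]

def review(text, min_names=3):
    """Flag 'deny all scripts' combined with an allow-list of named PHP files."""
    blocks = parse_blocks(text)
    denies_scripts = any(a == "deny" and "php" in p.lower() for p, a in blocks)
    names = [n for p, a in blocks if a == "allow" for n in allowed_php_names(p)]
    return {"suspicious": denies_scripts and len(names) >= min_names, "allowed": names}
```

A hit is a reason to inspect the listed files and the directory's other contents, not a verdict on its own; the returned `allowed` list gives the file names to check first.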