Received message this morning:
We have detected some malicious files on server on the account “prcporta”.
More details about the malware scan results could be found on the scan results page (in WHM: Plugins » Imunify » Malware)
Can you determine from the info below if I should consider/report this as a ‘false positive’?
Thanks in advance for your reply,
Michael
Here are the details from my Immunify:
View /home/XXXXXXXX/public_html/wp-content/plugins/ai-engine/classes/tests/sse_tester.php
<?php
// Various links
// https://serverfault.com/questions/488767/how-do-i-enable-php-s-flush-with-nginxphp-fpm
// https://stackoverflow.com/questions/72394213/nginx-configuration-for-server-sent-event
// https://serverfault.com/questions/801628/for-server-sent-events-sse-what-nginx-proxy-configuration-is-appropriate
// (in Japanese)
// If ‘?SSE’ is set, send Server-Sent Events, otherwise we’ll display the page.
if ( isset( $_GET[‘PHPINFO’] ) ) {
phpinfo();
}
else if ( isset( $_GET[‘SSE’] ) ) {
// Set the headers for SSE.
header( ‘Cache-Control: no-cache’ );
header( ‘Content-Type: text/event-stream’ );
header( ‘X-Accel-Buffering: no’ ); // This is useful to disable buffering in nginx through headers.
// Push data to the browser every second.
ob_implicit_flush( true );
ob_end_flush();
for ( $i = 0; $i < 3; $i++ ) { $data = “data: $i”; echo $data . “\n\n”; if ( ob_get_level() > 0 ) {
ob_flush();
}
flush();
error_log( $data );
sleep( 1 );
}
echo “data: Done!\n\n”;
}
else {
?>
Stream / SSE
I build this code in order to experiment with SSE with PHP as it seems to be tricky to make it work. This idea is that the events below appear every one second, and not all at once.
Output:
Retry
<?php
}