This topic contains 1 reply, has 2 voices, and was last updated by 
- Posts
Hi there,
We received this alert pointing at Ajax Search Pro:
Generic.Hidden.Code.2
This file contains suspicious hidden code, and should be checked for recent changes, or malicious code. Often hackers try to hide their hack attempts by obfuscating their attack code, to make it harder to detect. VaultPress has detected a string of suspicious characters in this file. Please check your backup history for recent changes to this file, or contact a Safekeeper if you are unsure.tcpdf_static.php
/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include
Showing this code:
public static function getTCPDFProducer() {
128
return “\x54\x43\x50\x44\x46\x20”.self::getTCPDFVersion().”\x20\x28\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x74\x63\x70\x64\x66\x2e\x6f\x72\x67\x29″;
129
}
Regards
Sasha
Hi Sasha,
That is a false positive, I can confirm. The suspicious file is actually only build of a decoder for PDF documents. You can safely ignore it. For more details you can even check the project, it is open source: TDPDF on github
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
You must be logged in to reply to this topic.