Am I under severe attack?

  • Resolved gilbodavid

    (@gilbodavid)


    9 years, 1 month ago

    I use wordfence free version and duo mobile on all my sites.

    A few days someone was doing a lot of trying to sign in, then got in and put pages with links on some of my sites.

    I deleted the pages and installed a plugin to change /wp-admin.

    Then this evening all hell broke loose..

    I have vidahost dealing with this, more has happened since, but at 19.11 this evening my wordpress sent me this:

    This email was sent from your website “…..” by the Wordfence plugin.
    Wordfence found the following new issues on “…..”.
    Alert generated at Sunday 11th of October 2015 at 07:11:14 PM
    Critical Problems:
    * WordPress core file modified: index.php
    * WordPress core file modified: wp-activate.php
    * WordPress core file modified: wp-admin/about.php
    * WordPress core file modified: wp-admin/admin-ajax.php
    * WordPress core file modified: wp-admin/admin-footer.php
    * WordPress core file modified: wp-admin/admin-functions.php
    * WordPress core file modified: wp-admin/admin-header.php
    * WordPress core file modified: wp-admin/admin-post.php
    * WordPress core file modified: wp-admin/admin.php
    * WordPress core file modified: wp-admin/async-upload.php
    * WordPress core file modified: wp-admin/comment.php
    * WordPress core file modified: wp-admin/credits.php
    * WordPress core file modified: wp-admin/custom-background.php
    * WordPress core file modified: wp-admin/custom-header.php
    * WordPress core file modified: wp-admin/customize.php
    * WordPress core file modified: wp-admin/edit-comments.php
    * WordPress core file modified: wp-admin/edit-form-advanced.php
    * WordPress core file modified: wp-admin/edit-form-comment.php
    * WordPress core file modified: wp-admin/edit-link-form.php
    * WordPress core file modified: wp-admin/edit-tag-form.php
    * WordPress core file modified: wp-admin/edit-tags.php
    * WordPress core file modified: wp-admin/edit.php
    * WordPress core file modified: wp-admin/export.php
    * WordPress core file modified: wp-admin/freedoms.php
    * WordPress core file modified: wp-admin/import.php
    * WordPress core file modified: wp-admin/includes/admin-filters.php
    * WordPress core file modified: wp-admin/includes/admin.php
    * WordPress core file modified: wp-admin/includes/ajax-actions.php
    * WordPress core file modified: wp-admin/includes/bookmark.php
    * WordPress core file modified: wp-admin/includes/class-ftp-pure.php
    * WordPress core file modified: wp-admin/includes/class-ftp-sockets.php
    * WordPress core file modified: wp-admin/includes/class-ftp.php
    * WordPress core file modified: wp-admin/includes/class-pclzip.php
    * WordPress core file modified: wp-admin/includes/class-wp-comments-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-filesystem-base.php
    * WordPress core file modified: wp-admin/includes/class-wp-filesystem-direct.php
    * WordPress core file modified: wp-admin/includes/class-wp-filesystem-ftpext.php
    * WordPress core file modified: wp-admin/includes/class-wp-filesystem-ftpsockets.php
    * WordPress core file modified: wp-admin/includes/class-wp-filesystem-ssh2.php
    * WordPress core file modified: wp-admin/includes/class-wp-importer.php
    * WordPress core file modified: wp-admin/includes/class-wp-links-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-media-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-ms-sites-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-ms-themes-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-ms-users-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-plugin-install-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-plugins-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-posts-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-press-this.php
    * WordPress core file modified: wp-admin/includes/class-wp-site-icon.php
    * WordPress core file modified: wp-admin/includes/class-wp-terms-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-theme-install-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-themes-list-table.php
    * WordPress core file modified: wp-admin/includes/class-wp-upgrader-skins.php
    * WordPress core file modified: wp-admin/includes/class-wp-upgrader.php
    * WordPress core file modified: wp-admin/includes/class-wp-users-list-table.php
    * WordPress core file modified: wp-admin/includes/comment.php
    * WordPress core file modified: wp-admin/includes/continents-cities.php
    * WordPress core file modified: wp-admin/includes/dashboard.php
    * WordPress core file modified: wp-admin/includes/deprecated.php
    * WordPress core file modified: wp-admin/includes/export.php
    * WordPress core file modified: wp-admin/includes/file.php
    * WordPress core file modified: wp-admin/includes/image-edit.php
    * WordPress core file modified: wp-admin/includes/image.php
    * WordPress core file modified: wp-admin/includes/import.php
    * WordPress core file modified: wp-admin/includes/list-table.php
    * WordPress core file modified: wp-admin/includes/media.php
    * WordPress core file modified: wp-admin/includes/menu.php
    * WordPress core file modified: wp-admin/includes/meta-boxes.php
    * WordPress core file modified: wp-admin/includes/misc.php
    * WordPress core file modified: wp-admin/includes/ms-admin-filters.php
    * WordPress core file modified: wp-admin/includes/ms-deprecated.php
    * WordPress core file modified: wp-admin/includes/ms.php
    * WordPress core file modified: wp-admin/includes/nav-menu.php
    * WordPress core file modified: wp-admin/includes/plugin-install.php
    * WordPress core file modified: wp-admin/includes/plugin.php
    * WordPress core file modified: wp-admin/includes/post.php
    * WordPress core file modified: wp-admin/includes/revision.php
    * WordPress core file modified: wp-admin/includes/schema.php
    * WordPress core file modified: wp-admin/includes/screen.php
    * WordPress core file modified: wp-admin/includes/taxonomy.php
    * WordPress core file modified: wp-admin/includes/template.php
    * WordPress core file modified: wp-admin/includes/theme-install.php
    * WordPress core file modified: wp-admin/includes/theme.php
    * WordPress core file modified: wp-admin/includes/translation-install.php
    * WordPress core file modified: wp-admin/includes/update-core.php
    * WordPress core file modified: wp-admin/includes/update.php
    * WordPress core file modified: wp-admin/includes/upgrade.php
    * WordPress core file modified: wp-admin/includes/user.php
    * WordPress core file modified: wp-admin/includes/widgets.php
    * WordPress core file modified: wp-admin/index.php
    * WordPress core file modified: wp-admin/install-helper.php
    * WordPress core file modified: wp-admin/install.php
    * WordPress core file modified: wp-admin/link-add.php
    * WordPress core file modified: wp-admin/link-manager.php
    * WordPress core file modified: wp-admin/link-parse-opml.php
    * WordPress core file modified: wp-admin/link.php
    * WordPress core file modified: wp-admin/load-scripts.php
    * WordPress core file modified: wp-admin/load-styles.php
    * WordPress core file modified: wp-admin/maint/repair.php
    * WordPress core file modified: wp-admin/media-new.php
    * WordPress core file modified: wp-admin/media-upload.php
    * WordPress core file modified: wp-admin/media.php
    * WordPress core file modified: wp-admin/menu-header.php
    * WordPress core file modified: wp-admin/menu.php
    * WordPress core file modified: wp-admin/moderation.php
    * WordPress core file modified: wp-admin/ms-admin.php
    * WordPress core file modified: wp-admin/ms-delete-site.php
    * WordPress core file modified: wp-admin/ms-edit.php
    * WordPress core file modified: wp-admin/ms-options.php
    * WordPress core file modified: wp-admin/ms-sites.php
    * WordPress core file modified: wp-admin/ms-themes.php
    * WordPress core file modified: wp-admin/ms-upgrade-network.php
    * WordPress core file modified: wp-admin/ms-users.php
    * WordPress core file modified: wp-admin/my-sites.php
    * WordPress core file modified: wp-admin/nav-menus.php
    * WordPress core file modified: wp-admin/network/about.php
    * WordPress core file modified: wp-admin/network/admin.php
    * WordPress core file modified: wp-admin/network/credits.php
    * WordPress core file modified: wp-admin/network/edit.php
    * WordPress core file modified: wp-admin/network/freedoms.php
    * WordPress core file modified: wp-admin/network/index.php
    * WordPress core file modified: wp-admin/network/menu.php
    * WordPress core file modified: wp-admin/network/plugin-editor.php
    * WordPress core file modified: wp-admin/network/plugin-install.php
    * WordPress core file modified: wp-admin/network/plugins.php
    * WordPress core file modified: wp-admin/network/profile.php
    * WordPress core file modified: wp-admin/network/settings.php
    * WordPress core file modified: wp-admin/network/setup.php
    * WordPress core file modified: wp-admin/network/site-info.php
    * WordPress core file modified: wp-admin/network/site-new.php
    * WordPress core file modified: wp-admin/network/site-settings.php
    * WordPress core file modified: wp-admin/network/site-themes.php
    * WordPress core file modified: wp-admin/network/site-users.php
    * WordPress core file modified: wp-admin/network/sites.php
    * WordPress core file modified: wp-admin/network/theme-editor.php
    * WordPress core file modified: wp-admin/network/theme-install.php
    * WordPress core file modified: wp-admin/network/themes.php
    * WordPress core file modified: wp-admin/network/update-core.php
    * WordPress core file modified: wp-admin/network/update.php
    * WordPress core file modified: wp-admin/network/upgrade.php
    * WordPress core file modified: wp-admin/network/user-edit.php
    * WordPress core file modified: wp-admin/network/user-new.php
    * WordPress core file modified: wp-admin/network/users.php
    * WordPress core file modified: wp-admin/network.php
    * WordPress core file modified: wp-admin/options-discussion.php
    * WordPress core file modified: wp-admin/options-general.php
    * WordPress core file modified: wp-admin/options-head.php
    * WordPress core file modified: wp-admin/options-media.php
    * WordPress core file modified: wp-admin/options-permalink.php
    * WordPress core file modified: wp-admin/options-reading.php
    * WordPress core file modified: wp-admin/options-writing.php
    * WordPress core file modified: wp-admin/options.php
    * WordPress core file modified: wp-admin/plugin-editor.php
    * WordPress core file modified: wp-admin/plugin-install.php
    * WordPress core file modified: wp-admin/plugins.php
    * WordPress core file modified: wp-admin/post-new.php
    * WordPress core file modified: wp-admin/post.php
    * WordPress core file modified: wp-admin/press-this.php
    * WordPress core file modified: wp-admin/profile.php
    * WordPress core file modified: wp-admin/revision.php
    * WordPress core file modified: wp-admin/setup-config.php
    * WordPress core file modified: wp-admin/theme-editor.php
    * WordPress core file modified: wp-admin/theme-install.php
    * WordPress core file modified: wp-admin/themes.php
    * WordPress core file modified: wp-admin/tools.php
    * WordPress core file modified: wp-admin/update-core.php
    * WordPress core file modified: wp-admin/update.php
    * WordPress core file modified: wp-admin/upgrade-functions.php
    * WordPress core file modified: wp-admin/upgrade.php
    * WordPress core file modified: wp-admin/upload.php
    * WordPress core file modified: wp-admin/user/about.php
    * WordPress core file modified: wp-admin/user/admin.php
    * WordPress core file modified: wp-admin/user/credits.php
    * WordPress core file modified: wp-admin/user/freedoms.php
    * WordPress core file modified: wp-admin/user/index.php
    * WordPress core file modified: wp-admin/user/menu.php
    * WordPress core file modified: wp-admin/user/profile.php
    * WordPress core file modified: wp-admin/user/user-edit.php
    * WordPress core file modified: wp-admin/user-edit.php
    * WordPress core file modified: wp-admin/user-new.php
    * WordPress core file modified: wp-admin/users.php
    * WordPress core file modified: wp-admin/widgets.php
    * WordPress core file modified: wp-blog-header.php
    * WordPress core file modified: wp-comments-post.php
    * WordPress core file modified: wp-config-sample.php
    * WordPress core file modified: wp-cron.php
    * WordPress core file modified: wp-includes/ID3/getid3.lib.php
    * WordPress core file modified: wp-includes/ID3/getid3.php
    * WordPress core file modified: wp-includes/ID3/module.audio-video.asf.php
    * WordPress core file modified: wp-includes/ID3/module.audio-video.flv.php
    * WordPress core file modified: wp-includes/ID3/module.audio-video.matroska.php
    * WordPress core file modified: wp-includes/ID3/module.audio-video.quicktime.php
    * WordPress core file modified: wp-includes/ID3/module.audio-video.riff.php
    * WordPress core file modified: wp-includes/ID3/module.audio.ac3.php
    * WordPress core file modified: wp-includes/ID3/module.audio.dts.php
    * WordPress core file modified: wp-includes/ID3/module.audio.flac.php
    * WordPress core file modified: wp-includes/ID3/module.audio.mp3.php
    * WordPress core file modified: wp-includes/ID3/module.audio.ogg.php
    * WordPress core file modified: wp-includes/ID3/module.tag.apetag.php
    * WordPress core file modified: wp-includes/ID3/module.tag.id3v1.php
    * WordPress core file modified: wp-includes/ID3/module.tag.id3v2.php
    * WordPress core file modified: wp-includes/ID3/module.tag.lyrics3.php
    * WordPress core file modified: wp-includes/SimplePie/Author.php
    * WordPress core file modified: wp-includes/SimplePie/Cache/Base.php
    * WordPress core file modified: wp-includes/SimplePie/Cache/DB.php
    * WordPress core file modified: wp-includes/SimplePie/Cache/File.php
    * WordPress core file modified: wp-includes/SimplePie/Cache/Memcache.php
    * WordPress core file modified: wp-includes/SimplePie/Cache/MySQL.php
    * WordPress core file modified: wp-includes/SimplePie/Cache.php
    * WordPress core file modified: wp-includes/SimplePie/Caption.php
    * WordPress core file modified: wp-includes/SimplePie/Category.php
    * WordPress core file modified: wp-includes/SimplePie/Content/Type/Sniffer.php
    * WordPress core file modified: wp-includes/SimplePie/Copyright.php
    * WordPress core file modified: wp-includes/SimplePie/Core.php
    * WordPress core file modified: wp-includes/SimplePie/Credit.php
    * WordPress core file modified: wp-includes/SimplePie/Decode/HTML/Entities.php
    * WordPress core file modified: wp-includes/SimplePie/Enclosure.php
    * WordPress core file modified: wp-includes/SimplePie/Exception.php
    * WordPress core file modified: wp-includes/SimplePie/File.php
    * WordPress core file modified: wp-includes/SimplePie/HTTP/Parser.php
    * WordPress core file modified: wp-includes/SimplePie/IRI.php
    * WordPress core file modified: wp-includes/SimplePie/Item.php
    * WordPress core file modified: wp-includes/SimplePie/Locator.php
    * WordPress core file modified: wp-includes/SimplePie/Misc.php
    * WordPress core file modified: wp-includes/SimplePie/Net/IPv6.php
    * WordPress core file modified: wp-includes/SimplePie/Parse/Date.php
    * WordPress core file modified: wp-includes/SimplePie/Parser.php
    * WordPress core file modified: wp-includes/SimplePie/Rating.php
    * WordPress core file modified: wp-includes/SimplePie/Registry.php
    * WordPress core file modified: wp-includes/SimplePie/Restriction.php
    * WordPress core file modified: wp-includes/SimplePie/Sanitize.php
    * WordPress core file modified: wp-includes/SimplePie/Source.php
    * WordPress core file modified: wp-includes/SimplePie/XML/Declaration/Parser.php
    * WordPress core file modified: wp-includes/SimplePie/gzdecode.php
    * WordPress core file modified: wp-includes/Text/Diff/Engine/native.php
    * WordPress core file modified: wp-includes/Text/Diff/Engine/shell.php
    * WordPress core file modified: wp-includes/Text/Diff/Engine/string.php
    * WordPress core file modified: wp-includes/Text/Diff/Engine/xdiff.php
    * WordPress core file modified: wp-includes/Text/Diff/Renderer/inline.php
    * WordPress core file modified: wp-includes/Text/Diff/Renderer.php
    * WordPress core file modified: wp-includes/Text/Diff.php
    * WordPress core file modified: wp-includes/admin-bar.php
    * WordPress core file modified: wp-includes/atomlib.php
    * WordPress core file modified: wp-includes/author-template.php
    * WordPress core file modified: wp-includes/bookmark-template.php
    * WordPress core file modified: wp-includes/bookmark.php
    * WordPress core file modified: wp-includes/cache.php
    * WordPress core file modified: wp-includes/canonical.php
    * WordPress core file modified: wp-includes/capabilities.php
    * WordPress core file modified: wp-includes/category-template.php
    * WordPress core file modified: wp-includes/category.php
    * WordPress core file modified: wp-includes/class-IXR.php
    * WordPress core file modified: wp-includes/class-feed.php
    * WordPress core file modified: wp-includes/class-http.php
    * WordPress core file modified: wp-includes/class-json.php
    * WordPress core file modified: wp-includes/class-oembed.php
    * WordPress core file modified: wp-includes/class-phpass.php
    * WordPress core file modified: wp-includes/class-phpmailer.php
    * WordPress core file modified: wp-includes/class-pop3.php
    * WordPress core file modified: wp-includes/class-simplepie.php
    * WordPress core file modified: wp-includes/class-smtp.php
    * WordPress core file modified: wp-includes/class-snoopy.php
    * WordPress core file modified: wp-includes/class-wp-admin-bar.php
    * WordPress core file modified: wp-includes/class-wp-ajax-response.php
    * WordPress core file modified: wp-includes/class-wp-customize-control.php
    * WordPress core file modified: wp-includes/class-wp-customize-manager.php
    * WordPress core file modified: wp-includes/class-wp-customize-nav-menus.php
    * WordPress core file modified: wp-includes/class-wp-customize-panel.php
    * WordPress core file modified: wp-includes/class-wp-customize-section.php
    * WordPress core file modified: wp-includes/class-wp-customize-setting.php
    * WordPress core file modified: wp-includes/class-wp-editor.php
    * WordPress core file modified: wp-includes/class-wp-error.php
    * WordPress core file modified: wp-includes/class-wp-http-ixr-client.php
    * WordPress core file modified: wp-includes/class-wp-image-editor-gd.php
    * WordPress core file modified: wp-includes/class-wp-image-editor-imagick.php
    * WordPress core file modified: wp-includes/class-wp-image-editor.php
    * WordPress core file modified: wp-includes/class-wp-theme.php
    * WordPress core file modified: wp-includes/class-wp-walker.php
    * WordPress core file modified: wp-includes/class-wp-xmlrpc-server.php
    * WordPress core file modified: wp-includes/class-wp.php
    * WordPress core file modified: wp-includes/class.wp-dependencies.php
    * WordPress core file modified: wp-includes/class.wp-scripts.php
    * WordPress core file modified: wp-includes/class.wp-styles.php
    * WordPress core file modified: wp-includes/comment-template.php
    * WordPress core file modified: wp-includes/comment.php
    * WordPress core file modified: wp-includes/compat.php
    * WordPress core file modified: wp-includes/cron.php
    * WordPress core file modified: wp-includes/date.php
    * WordPress core file modified: wp-includes/default-constants.php
    * WordPress core file modified: wp-includes/default-filters.php
    * WordPress core file modified: wp-includes/deprecated.php
    * WordPress core file modified: wp-includes/feed-atom-comments.php
    * WordPress core file modified: wp-includes/feed-atom.php
    * WordPress core file modified: wp-includes/feed-rdf.php
    * WordPress core file modified: wp-includes/feed-rss.php
    * WordPress core file modified: wp-includes/feed-rss2-comments.php
    * WordPress core file modified: wp-includes/feed-rss2.php
    * WordPress core file modified: wp-includes/feed.php
    * WordPress core file modified: wp-includes/functions.php
    * WordPress core file modified: wp-includes/functions.wp-scripts.php
    * WordPress core file modified: wp-includes/functions.wp-styles.php
    * WordPress core file modified: wp-includes/general-template.php
    * WordPress core file modified: wp-includes/http.php
    * WordPress core file modified: wp-includes/js/tinymce/wp-tinymce.php
    * WordPress core file modified: wp-includes/kses.php
    * WordPress core file modified: wp-includes/link-template.php
    * WordPress core file modified: wp-includes/load.php
    * WordPress core file modified: wp-includes/locale.php
    * WordPress core file modified: wp-includes/media-template.php
    * WordPress core file modified: wp-includes/media.php
    * WordPress core file modified: wp-includes/meta.php
    * WordPress core file modified: wp-includes/ms-blogs.php
    * WordPress core file modified: wp-includes/ms-default-constants.php
    * WordPress core file modified: wp-includes/ms-default-filters.php
    * WordPress core file modified: wp-includes/ms-deprecated.php
    * WordPress core file modified: wp-includes/ms-files.php
    * WordPress core file modified: wp-includes/ms-functions.php
    * WordPress core file modified: wp-includes/ms-load.php
    * WordPress core file modified: wp-includes/ms-settings.php
    * WordPress core file modified: wp-includes/nav-menu-template.php
    * WordPress core file modified: wp-includes/nav-menu.php
    * WordPress core file modified: wp-includes/option.php
    * WordPress core file modified: wp-includes/pluggable-deprecated.php
    * WordPress core file modified: wp-includes/pluggable.php
    * WordPress core file modified: wp-includes/plugin.php
    * WordPress core file modified: wp-includes/pomo/entry.php
    * WordPress core file modified: wp-includes/pomo/mo.php
    * WordPress core file modified: wp-includes/pomo/po.php
    * WordPress core file modified: wp-includes/pomo/streams.php
    * WordPress core file modified: wp-includes/pomo/translations.php
    * WordPress core file modified: wp-includes/post-formats.php
    * WordPress core file modified: wp-includes/post-template.php
    * WordPress core file modified: wp-includes/post-thumbnail-template.php
    * WordPress core file modified: wp-includes/query.php
    * WordPress core file modified: wp-includes/registration-functions.php
    * WordPress core file modified: wp-includes/registration.php
    * WordPress core file modified: wp-includes/revision.php
    * WordPress core file modified: wp-includes/rewrite.php
    * WordPress core file modified: wp-includes/rss-functions.php
    * WordPress core file modified: wp-includes/rss.php
    * WordPress core file modified: wp-includes/script-loader.php
    * WordPress core file modified: wp-includes/session.php
    * WordPress core file modified: wp-includes/taxonomy.php
    * WordPress core file modified: wp-includes/template-loader.php
    * WordPress core file modified: wp-includes/template.php
    * WordPress core file modified: wp-includes/theme-compat/comments-popup.php
    * WordPress core file modified: wp-includes/theme-compat/comments.php
    * WordPress core file modified: wp-includes/theme-compat/footer.php
    * WordPress core file modified: wp-includes/theme-compat/header.php
    * WordPress core file modified: wp-includes/theme-compat/sidebar.php
    * WordPress core file modified: wp-includes/update.php
    * WordPress core file modified: wp-includes/user.php
    * WordPress core file modified: wp-includes/vars.php
    * WordPress core file modified: wp-includes/widgets.php
    * WordPress core file modified: wp-includes/wp-diff.php
    * WordPress core file modified: wp-links-opml.php
    * WordPress core file modified: wp-load.php
    * WordPress core file modified: wp-login.php
    * WordPress core file modified: wp-mail.php
    * WordPress core file modified: wp-settings.php
    * WordPress core file modified: wp-signup.php
    * WordPress core file modified: wp-trackback.php
    * WordPress core file modified: xmlrpc.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/fields/desc.php
    * File appears to be malicious: wp-admin/network/user-edit.php
    * File appears to be malicious: wp-admin/network/index.php
    * File appears to be malicious: wp-includes/SimplePie/Restriction.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/class-rewrite.php
    * File appears to be malicious: wp-admin/includes/image.php
    * File appears to be malicious: wp-content/themes/twentyfifteen/footer.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/includes/class-options.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/header.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/ajax/class-yoast-plugin-conflict-ajax.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-chat.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-quote.php
    * File appears to be malicious: wp-admin/widgets.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/WHMCSInstaller.php
    * File appears to be malicious: wp-content/themes/circumference-lite/sidebar-top.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/content-image.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/hr.php
    * File appears to be malicious: wp-admin/user/user-edit.php
    * File appears to be malicious: wp-content/themes/twentyfifteen/inc/customizer.php
    * File appears to be malicious: wp-includes/SimplePie/Cache/MySQL.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/sidebar-content.php
    * File appears to be malicious: wp-admin/includes/nav-menu.php
    * File appears to be malicious: wp-content/plugins/ml-slider/inc/slide/metaslide.class.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/pages/tools.php
    * File appears to be malicious: wp-includes/class-http.php
    * File appears to be malicious: wp-admin/network/edit.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-video.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/class-api-google.php
    * File appears to be malicious: wp-content/plugins/akismet/class.akismet-widget.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-quote.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/ChefInstaller.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/field-settings/sidebars/post-fields.php
    * File appears to be malicious: wp-content/plugins/wordfence/views/reports/activity-report-email.php
    * File appears to be malicious: wp-includes/SimplePie/Author.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-status.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/featured-content.php
    * File appears to be malicious: wp-admin/includes/user.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/auth/Google_AuthNone.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/menu_whois.php
    * File appears to be malicious: wp-admin/includes/class-wp-ms-users-list-table.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/GravInstallerTest.php
    * File appears to be malicious: wp-content/themes/circumference-lite/archive.php
    * File appears to be malicious: wp-includes/class-phpass.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/drivers/class-admin-dashboards-driver.php
    * File appears to be malicious: wp-admin/async-upload.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/assets/dependencies/index.php
    * File appears to be malicious: wp-admin/network/users.php
    * File appears to be malicious: wp-admin/edit-link-form.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/header.php
    * File appears to be malicious: wp-content/plugins/ml-slider/inc/metaslider.imagehelper.class.php
    * File appears to be malicious: wp-admin/theme-install.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/subs-cpt.php
    * File appears to be malicious: wp-admin/admin.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/field-settings/sidebars/layout-fields.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/auth/Google_AssertionCredentials.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-impexp/tabs/impexp-fields/impexp-fields.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/views/about.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/step-processing.php
    * File appears to be malicious: wp-content/plugins/research_plugin_pSK1/research_plugin.php
    * File appears to be malicious: wp-admin/my-sites.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/xrstf/composer-php52/lib/xrstf/Composer52/Generator.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/io/Google_REST.php
    * File appears to be malicious: wp-includes/class-wp-customize-panel.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-impexp/tabs/index.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/tmpl/post-empty.php
    * File appears to be malicious: wp-admin/options-head.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/CroogoInstaller.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfAction.php
    * File appears to be malicious: wp-admin/admin-ajax.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/list-terms.php
    * File appears to be malicious: wp-includes/pomo/entry.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/assets/index.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wordfenceClass.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/pages/network.php
    * File appears to be malicious: wp-includes/class-wp-walker.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-import-aioseo.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfCache.php
    * File appears to be malicious: wp-admin/includes/theme-install.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/auth/Google_PemVerifier.php
    * File appears to be malicious: wp-includes/l10n.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-impexp/index.php
    * File appears to be malicious: wp-admin/upgrade.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-gallery.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/template-calendar.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-opengraph-admin.php
    * File appears to be malicious: wp-content/themes/twentytwelve/functions.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-search.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/frontend/views/tracking-universal.php
    * File appears to be malicious: wp-admin/nav-menus.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/tests/test-class-yoast-license-manager.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-yoast-notification.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/class-gsc-count.php
    * File appears to be malicious: wp-includes/SimplePie/File.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/email_newIssues.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/form/form-title.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/samples/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/assets/js/dev/index.php
    * File appears to be malicious: wp-admin/admin-functions.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-settings/tabs/general-settings/general-settings.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/images/index.php
    * File appears to be malicious: wp-includes/SimplePie/Source.php
    * File appears to be malicious: wp-content/plugins/widget-context/modules/word-count/module.php
    * File appears to be malicious: wp-admin/options-permalink.php
    * File appears to be malicious: wp-content/themes/twentytwelve/page-templates/front-page.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/inc/eventbrite.php
    * File appears to be malicious: wp-signup.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-gallery.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/notices-save-progress.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/single.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/single.php
    * File appears to be malicious: wp-admin/includes/class-ftp-pure.php
    * File appears to be malicious: wp-includes/SimplePie/Locator.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/content-page.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/processing/class-display-loading.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/fields/display-fields.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/class-gsc.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/class-sitemaps.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/external/URITemplateParser.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/assets/img/index.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/autoload_psr4.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/notification-base-type.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/field-settings/sidebars/def-fields.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/TYPO3FlowInstaller.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/functions.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/download-all-subs.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-impexp/tabs/impexp-fields/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/form/nonce.php
    * File appears to be malicious: wp-includes/functions.php
    * File appears to be malicious: wp-content/plugins/seo-image/seo-friendly-images.php
    * File appears to be malicious: wp-includes/class-wp-ajax-response.php
    * File appears to be malicious: wp-content/themes/twentythirteen/author.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-settings/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/fields/list.php
    * File appears to be malicious: wp-admin/ms-themes.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/Diff/Renderer/Abstract.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/processing/attach-post-media.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfBrowscap.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-taxonomy.php
    * File appears to be malicious: wp-content/themes/index.php
    * File appears to be malicious: wp-admin/network/profile.php
    * File appears to be malicious: wp-includes/ms-blogs.php
    * File appears to be malicious: wp-content/themes/circumference-lite/page-templates/page-left-column.php
    * File appears to be malicious: wp-content/themes/twentythirteen/sidebar-main.php
    * File appears to be malicious: wp-content/plugins/ml-slider/inc/metaslider.systemcheck.class.php
    * File appears to be malicious: wp-content/themes/circumference-lite/partials/logo-group.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/frontend/class-opengraph.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/index.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/wpseo-functions.php
    * File appears to be malicious: wp-admin/includes/comment.php
    * File appears to be malicious: wp-admin/includes/class-wp-comments-list-table.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/inc/custom-header.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/xrstf/composer-php52/lib/xrstf/Composer52/ClassLoader.php
    * File appears to be malicious: wp-includes/theme-compat/header.php
    * File appears to be malicious: wp-content/plugins/wordfence/views/reports/activity-report.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/class-admin-dashboards-data.php
    * File appears to be malicious: wp-admin/user-new.php
    * File appears to be malicious: wp-content/themes/twentytwelve/author.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-yoast-dashboard-widget.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/class-plugin-update-manager.php
    * File appears to be malicious: wp-admin/update.php
    * File appears to be malicious: wp-admin/admin-footer.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/functions.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-aside.php
    * File appears to be malicious: wp-admin/ms-options.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/field-settings/sidebars/payment-fields.php
    * File appears to be malicious: wp-admin/includes/class-wp-themes-list-table.php
    * File appears to be malicious: wp-includes/feed-atom-comments.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/inc/widgets.php
    * File appears to be malicious: wp-includes/class-pop3.php
    * File appears to be malicious: wp-admin/comment.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/email_genericAlert.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/views/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/processing/process.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/tag.php
    * File appears to be malicious: wp-includes/class-wp.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/index.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/autoload.php
    * File appears to be malicious: wp-content/themes/twentythirteen/author-bio.php
    * File appears to be malicious: wp-content/themes/circumference-lite/page-templates/page-left-right.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-config.php
    * File appears to be malicious: wp-admin/edit-tag-form.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-settings/tabs/general-settings/index.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content.php
    * File appears to be malicious: wp-admin/ms-delete-site.php
    * File appears to be malicious: wp-admin/upload.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-import-woothemes-seo.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/save.php
    * File appears to be malicious: wp-includes/Text/Diff/Renderer/inline.php
    * File appears to be malicious: wp-admin/theme-editor.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/form-list/form-list.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/views/gsc-display.php
    * File appears to be malicious: wp-content/themes/twentytwelve/image.php
    * File appears to be malicious: wp-admin/includes/class-wp-site-icon.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/Concrete5Installer.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/cache/Google_Cache.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/io/Google_CacheParser.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/image.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/email_pleaseChangePasswd.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/MoodleInstaller.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/class-admin-dashboards.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/MediaWikiInstallerTest.php
    * File appears to be malicious: wp-content/themes/circumference-lite/image.php
    * File appears to be malicious: wp-admin/includes/screen.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/fields/country.php
    * File appears to be malicious: wp-includes/wp-diff.php
    * File appears to be malicious: wp-content/themes/twentythirteen/content-image.php
    * File appears to be malicious: wp-includes/media.php
    * File appears to be malicious: wp-content/themes/twentytwelve/index.php
    * File appears to be malicious: wp-includes/rewrite.php
    * File appears to be malicious: wp-content/plugins/akismet/akismet.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/class-license-manager.php
    * File appears to be malicious: wp-content/themes/twentythirteen/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/form-settings/index.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/inc/jetpack.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/welcome.php
    * File appears to be malicious: wp-admin/network/site-info.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/css/xml-sitemap-xsl.php
    * File appears to be malicious: wp-admin/network/credits.php
    * File appears to be malicious: wp-includes/ID3/module.tag.id3v2.php
    * File appears to be malicious: wp-includes/SimplePie/Cache/DB.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/inc/back-compat.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/class-gsc-mapper.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-admin-init.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/menu_rangeBlocking.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/service/Google_Service.php
    * File appears to be malicious: wp-includes/admin-bar.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/autoload_namespaces.php
    * File appears to be malicious: wp-admin/about.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/options/class-wpseo-option-internallinks.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/TestCase.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/pages/settings.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/pages/metas.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/service/Google_ServiceResource.php
    * File appears to be malicious: wp-content/themes/circumference-lite/header.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/js/index.php
    * File appears to be malicious: wp-admin/network/setup.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/sidebar-footer.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/drivers/class-admin-dashboards-table.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/DokuWikiInstaller.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/inc/theme-options.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/tmpl/navigation.php
    * File appears to be malicious: wp-admin/user/admin.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-yoast-textstatistics.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/class-api-google-client.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/post-metabox.php
    * File appears to be malicious: wp-content/themes/circumference-lite/sidebar-bottom.php
    * File appears to be malicious: wp-admin/includes/template.php
    * File appears to be malicious: wp-content/themes/twentytwelve/content-quote.php
    * File appears to be malicious: wp-includes/SimplePie/Enclosure.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/fields/help.php
    * File appears to be malicious: wp-admin/includes/continents-cities.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-snippet-preview.php
    * File appears to be malicious: wp-includes/Text/Diff/Renderer.php
    * File appears to be malicious: wp-includes/pomo/mo.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/AimeosInstaller.php
    * File appears to be malicious: xmlrpc.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/upgrades/index.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/options/class-wpseo-options.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/class-googleanalytics-reporting.php
    * File appears to be malicious: wp-includes/version.php
    * File appears to be malicious: wp-includes/registration.php
    * File appears to be malicious: wp-includes/class-wp-embed.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/content-link.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/PPIInstaller.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/frontend/class-universal.php
    * File appears to be malicious: wp-admin/load-scripts.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/libraries/wp-session.php
    * File appears to be malicious: wp-admin/includes/class-wp-filesystem-ftpext.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/AnnotateCmsInstaller.php
    * File appears to be malicious: wp-admin/network/update-core.php
    * File appears to be malicious: wp-content/themes/twentytwelve/page-templates/full-width.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/404.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/auth/Google_P12Signer.php
    * File appears to be malicious: wp-admin/includes/translation-install.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfCrawl.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/eos.class.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/drivers/class-admin-dashboards-graph.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/calc.php
    * File appears to be malicious: wp-includes/class.wp-styles.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/index.php
    * File appears to be malicious: wp-includes/script-loader.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/license-manager/index.php
    * File appears to be malicious: wp-admin/link.php
    * File appears to be malicious: wp-includes/ID3/module.audio.ogg.php
    * File appears to be malicious: wp-includes/class-feed.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/fields/textarea.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/PiwikInstaller.php
    * File appears to be malicious: wp-settings.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/assets/dependencies/qtip/index.php
    * File appears to be malicious: wp-content/themes/twentyfifteen/content-page.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/class-api-google.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/classes/class-nf-system-status.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-customizer.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfGeoIP.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms-impexp/tabs/impexp-subs/impexp-subs.php
    * File appears to be malicious: wp-content/themes/twentytwelve/comments.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/TuskInstaller.php
    * File appears to be malicious: wp-includes/comment-template.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/class-admin.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/TheliaInstaller.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-audio.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/PimcoreInstaller.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/xrstf/composer-php52/lib/xrstf/Composer52/AutoloadGenerator.php
    * File appears to be malicious: wp-includes/theme-compat/comments.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/includes/class-settings.php
    * File appears to be malicious: wp-content/themes/circumference-lite/page.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/MagentoInstaller.php
    * File appears to be malicious: wp-includes/class-wp-image-editor-gd.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/io/Google_HttpRequest.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/help.php
    * File appears to be malicious: wp-content/plugins/duo-wordpress/duo_wordpress.php
    * File appears to be malicious: wp-admin/admin-header.php
    * File appears to be malicious: wp-includes/ID3/module.audio.flac.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/options/class-wpseo-option.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/frontend/views/tracking-debug.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/fields/honeypot.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/pages/advanced.php
    * File appears to be malicious: wp-content/plugins/akismet/index.php
    * File appears to be malicious: wp-admin/install-helper.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/license-manager/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/index.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/options/class-wpseo-taxonomy-meta.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/event.php
    * File appears to be malicious: wp-includes/ID3/module.audio-video.asf.php
    * File appears to be malicious: wp-includes/locale.php
    * File appears to be malicious: wp-admin/includes/admin.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/class-admin-dashboards-api-options.php
    * File appears to be malicious: wp-includes/category.php
    * File appears to be malicious: wp-content/plugins/wordfence/wordfence.php
    * File appears to be malicious: wp-includes/session.php
    * File appears to be malicious: wp-content/plugins/wordfence/index.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/class-admin-menu.php
    * File appears to be malicious: wp-admin/ms-edit.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/frontend/class-googleplus.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/class-sitemaps-admin.php
    * File appears to be malicious: wp-includes/SimplePie/Misc.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/forms.php
    * File appears to be malicious: wp-includes/atomlib.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/ClassLoader.php
    * File appears to be malicious: wp-admin/edit-form-comment.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/menu_countryBlocking.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/class-gsc-table.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/google_search_console/class-gsc-bulk-action.php
    * File appears to be malicious: wp-admin/includes/meta-boxes.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/admin/dashboards/class-admin-dashboards-display.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/remove-button.php
    * File appears to be malicious: wp-blog-header.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/scripts.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-page.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/form-preview/form-preview.php
    * File appears to be malicious: wp-admin/media-new.php
    * File appears to be malicious: wp-content/plugins/ml-slider/inc/metaslider.widget.class.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/search.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/google/service/Google_Model.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/license-manager/class-plugin-update-manager.php
    * File appears to be malicious: wp-admin/includes/class-wp-terms-list-table.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/processing/req-fields-pre-process.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/tmpl/post-loop.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/processing/update-terms.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/viewFullActivityLog.php
    * File appears to be malicious: wp-content/plugins/seo-image/seo-friendly-images.class.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/api-libs/google/auth/Google_PemVerifier.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/assets/dependencies/chosen/index.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/tabs.php
    * File appears to be malicious: wp-includes/wp-db.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/edit-field/req.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/PiwikInstallerTest.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/field-settings/sidebars/template-fields.php
    * File appears to be malicious: wp-content/themes/circumference-lite/content-none.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/yoast/api-libs/class-api-google-client.php
    * File appears to be malicious: wp-includes/post-template.php
    * File appears to be malicious: wp-includes/pluggable-deprecated.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/composer/autoload_real.php
    * File appears to be malicious: wp-admin/includes/class-wp-list-table.php
    * File appears to be malicious: wp-admin/plugins.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/admin/views/tool-import-export.php
    * File appears to be malicious: wp-admin/freedoms.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/fields/textbox.php
    * File appears to be malicious: wp-includes/Text/Diff/Engine/native.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/frontend/class-json-ld.php
    * File appears to be malicious: wp-admin/users.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/classes/add-form-modal.php
    * File appears to be malicious: wp-content/plugins/wordfence/lib/wfHelperString.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/license-manager/views/form.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/notices.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/content-video.php
    * File appears to be malicious: wp-admin/includes/file.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/index.php
    * File appears to be malicious: wp-admin/press-this.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/class-upgrade.php
    * File appears to be malicious: wp-content/themes/eventbrite-venue/archive.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/license-manager/views/script.php
    * File appears to be malicious: wp-content/themes/twentyfourteen/archive.php
    * File appears to be malicious: wp-admin/includes/plugin-install.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/display/fields/inside-label-hidden.php
    * File appears to be malicious: wp-comments-post.php
    * File appears to be malicious: wp-includes/widgets.php
    * File appears to be malicious: wp-content/plugins/wordfence/views/reports/activity-report-email-inline.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/yoast/license-manager/samples/sample-product.php
    * File appears to be malicious: wp-includes/ID3/module.audio-video.quicktime.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/src/Composer/Installers/CraftInstaller.php
    * File appears to be malicious: wp-includes/SimplePie/Cache/Base.php
    * File appears to be malicious: wp-content/plugins/google-analytics-for-wordpress/frontend/views/tracking-ga-js.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/xrstf/composer-php52/lib/xrstf/Composer52/AutoloadGenerator.php
    * File appears to be malicious: wp-includes/default-widgets.php
    * File appears to be malicious: wp-includes/shortcodes.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/vendor/xrstf/composer-php52/lib/xrstf/Composer52/ClassLoader.php
    * File appears to be malicious: wp-admin/moderation.php
    * File appears to be malicious: wp-admin/load-styles.php
    * File appears to be malicious: wp-content/themes/twentythirteen/taxonomy-post_format.php
    * File appears to be malicious: wp-content/plugins/wordpress-seo/inc/class-wpseo-replace-vars.php
    * File appears to be malicious: wp-content/plugins/ninja-forms/includes/admin/pages/ninja-forms/tabs/form-settings/help.php
    * File appears to be m

Viewing 10 replies - 1 through 10 (of 10 total)

  • Are you under attack?
    I believe most WP sites are pretty much random targets for hacking as BOTs are program to seek and infiltrate…All my sites on various servers, get periodically hit…actually pretty much every day. Most attacks are weak and short lived but some are relentless.

    But it sounds like your beyond being attacked since if the information is correct, they have infiltrated and injected code etc. Did you originally have a weak password? You should either be restoring a BACKUP or saving your pages, and doing a clean install of your site with WF and any other security measures installed EARLY.

    Thread Starter gilbodavid

    (@gilbodavid)

    Paswword was strong. I had wordfence free, duo cell phone autharisation, and /wp-admin name changing plugin.

    What I want to know is how they got past it, and so easily!!!!

    @gilbodavid
    Well…if you had a strong password and a unique non generic user name in place BEFORE you were infiltrated (and I emphasize “BEFORE”), even without any other security in place…it would take a LONG time to crack that user/password combo. I don’t know the math, but it must be a long long number.

    Perhaps you were already infiltrated before you installed WF, or they got in via a different vulnerability that WF does not handle? (A bad plugin…eg Rev Slider a while back ago) I have learned to read my server’s “raw access logs” and they clearly show every attempt of every IP to access or penetrate my website(s) and especially admin areas. So far in weeks of methodical testing, the server logs match WF’s statistics. Between a good name/password and login protection from WF, I have zero doubts that a bot will get in via that door!

    Thread Starter gilbodavid

    (@gilbodavid)

    Thank you for your replies!

    Ive had WF for a while, strong password, non generic name, all plugins up to date, wordpress automatically up to date, Duo cell phone authentication.

    I use very few plug-ins. Just the best known ones, like Meta Slider, Yoast and WF!!

    My webhost is trying to work it out now.

    They got in very easily.

    Thread Starter gilbodavid

    (@gilbodavid)

    And on all my sites, i set it to 20 log-in attempts then lock out

    IMHO 20 is too generous.
    And what is the “time frame for count failures”?

    Thread Starter gilbodavid

    (@gilbodavid)

    i had about 20 count failures and then they were in. I don’t think they got in by getting my password correctly

    elisac.

    (@elisacerruti)

    Hello gilbodavid,
    maybe they can have had access to your cPanel or your PhpMyadmin, i.e. if you use some FTP program like Filezilla (many reported that the file on sourceforge was infected by malware) they could have had access to your FTP password that with many hosting is one for all: account dashboard, cPanel, PhpMyadmin, FTP. In Mysql there are all the password and user name stored, there they could have found your admin credentials.

    Therefore some of the things you can do now are to:

    • uninstall Filezilla
    • after that, ask to your hosting provider to change your cPanel password
    • using sucuri plugin generate new keys in the sucuri>post-hack panel
    • generate a new password using the wordpress password generator or something like the strong password generator https://strongpasswordgenerator.com/
    • using i Theme you can change the user name, this is highly recommended if you are now using something like “admin” or “mydomainname”
    • use wordfence to block every IP that attempt to access with “admin” or any other common used admin user name
    • use iTheme security to protect all your sensitive pages like wp-amin, wp-login.php etc.
    • using wordfence block each IP that try to access to your wp-login page (ONLY AFTER you have changed it with a new one with iTheme)

      • All the best
      Elisa

    Thread Starter gilbodavid

    (@gilbodavid)

    thank you Elisa. i shall do all that with my hosting provider

    Plugin Author WFMattR

    (@wfmattr)

    themadproducer & elisacerruti: Thanks for pitching in here!

    gilbodavid: In addition to the information above, also make sure that WordPress and all plugins are up to date. If you have any additional sites in your hosting account, make sure to update those too — even if they are non-WordPress sites, infections can cross from Drupal, Joomla, and others. We also have a guide to cleaning hacked sites, here: How do I clean my hacked site using Wordfence?

    -Matt R

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Am I under severe attack?’ is closed to new replies.