• Resolved notjustshrawan

    (@notjustshrawan)


    Hello Wordfence team,

    Just noticed today that a bunch of gif files were uploaded to one of the posts, they go under the filenames image(.gif) up till image-8 (.gif). They are 1 pixel each, appear to just be white dots, with file size in bytes. My team members tell me that they haven’t uploaded these, but when I see the same files under Media Library, next to “Uploaded by” they have an author name attached to them.

    I manually refreshed the rules and ran the Wordfence scan again and it is normal, didn’t see any file changes or malicious files in the report.

    Can you advise what I should do next?

    Thanks,

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @notjustshrawan, thanks for getting in touch.

    If Wordfence doesn’t see these files as containing malicious code, or that they’re out of place (such as inside a WordPress core or plugin folder), causing a mismatch between repository versions and your site, then they could be perfectly normal. An automatic plugin update, or a site building tool could have legitimately created them.

    Do they appear in the uploads folder or in another folder location? You could also try backing them up locally and deleting them from the folder on your web server. Do any pages start reporting them as missing (404) in your Browser Console, signifying a plugin may be legitimately looking for them, or are they recreated automatically after a period of time?

    Thanks,
    Peter.

    Thread Starter notjustshrawan

    (@notjustshrawan)

    Hello Peter,

    Thank you so much for your response. I’ve run the Wordfence scan again today, and as yesterday, we didn’t see anything on the scan report.

    Additionally, my host checked and the WordPress core files are verified, meaning that they don’t see any problems.

    We investigated further, and these gif files have been uploaded to a particular WordPress post, and when we checked the server logs, they coordinate with the IP address range and the time when my writer was editing/in that post. The timestamp of the upload matches with the time when my writer was editing that post.

    Also, we see these gif files were loaded only on two occasions.

    Can I go ahead and delete these files now?
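
The log check described in the post above, written out as an added example (not part of the original thread and not Wordfence code): it matches each media file's upload time against successful POST requests to WordPress upload endpoints in an access log and reports the source IPs. It assumes a Combined Log Format access log and the endpoints `/wp-admin/async-upload.php` and `/wp-json/wp/v2/media`; the log lines, IP addresses, timestamps and the 5-second window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# WordPress endpoints that accept media uploads (classic uploader, block editor REST route).
UPLOAD_PATHS = ("/wp-admin/async-upload.php", "/wp-json/wp/v2/media")

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_upload_requests(lines):
    """Return (timestamp, ip, path, status) for POSTs to upload endpoints."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.startswith(UPLOAD_PATHS):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append((ts, m["ip"], path, int(m["status"])))
    return hits

def correlate(files, hits, window=timedelta(seconds=5)):
    """Map each file name to the IPs of successful uploads near its timestamp."""
    result = {}
    for name, uploaded_at in files.items():
        result[name] = sorted({
            ip for ts, ip, _path, status in hits
            if status < 400 and abs(ts - uploaded_at) <= window
        })
    return result

# Constructed sample data: documentation IP ranges, invented timestamps.
SAMPLE_LOG = [
    '203.0.113.24 - - [12/Mar/2024:10:15:02 +0000] "POST /wp-json/wp/v2/media?_locale=user HTTP/1.1" 201 1532 "-" "Mozilla/5.0"',
    '203.0.113.24 - - [12/Mar/2024:10:15:04 +0000] "POST /wp-json/wp/v2/media?_locale=user HTTP/1.1" 201 1533 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:15:03 +0000] "GET /wp-login.php HTTP/1.1" 200 4120 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:11:40:00 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 403 212 "-" "curl/8.0"',
]
SAMPLE_FILES = {  # file name -> upload time as shown in the Media Library
    "image.gif": datetime.fromisoformat("2024-03-12T10:15:02+00:00"),
    "image-1.gif": datetime.fromisoformat("2024-03-12T10:15:04+00:00"),
    "image-2.gif": datetime.fromisoformat("2024-03-12T11:40:00+00:00"),
}

if __name__ == "__main__":
    print(correlate(SAMPLE_FILES, parse_upload_requests(SAMPLE_LOG)))
```

A file that maps to an empty list has no successful upload request near its timestamp in the log, which is the case to investigate further; a file that maps to a known editor's IP matches the outcome described in the post.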

    Plugin Support wfpeter

    (@wfpeter)

    Hi @notjustshrawan,

    Ultimately, if your WordPress installation and plugins are verified and not flagging as changed, you can delete other files to your preference. If you’re satisfied that they’re not required and won’t be creating excessive 404 errors on the post, they should be safe to remove.

    Thanks again,
    Peter.
