cache files compromised?

  • Resolved n00b82

    (@n00b82)


    3 years, 8 months ago

    Hi, I got an email from DreamHost saying my website may have been hacked and the email identified these files:

    We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts.

    The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

    /home/user-name/website.com/wp-content/nfwlog/cache/backup_1624227373_60cfbe2d1897c2.12561092.php
    /home/user-name/website.com/wp-content/nfwlog/cache/backup_1624324452_60d13964650843.54672699.php

    I deleted the files and went through the usual security checklist, but I was hoping you could tell me how this may have happened, or if I need to change settings so it does not happen again?

    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It looks like a false positive. Those files are NinjaFirewall’s daily backup (rules and configuration). They aren’t accessible to web users. You may need to tell your host about that, or they will keep flagging them everyday as soon as a new one is created.

    Thread Starter n00b82

    (@n00b82)

    thank you very much!

    Thread Starter n00b82

    (@n00b82)

    Marking as resolved

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘cache files compromised?’ is closed to new replies.