777d login philippines app.Claim Your Free 999 Pesos Bonus Today

Resolved danjde
(@danjde)

4 years, 8 months ago

Hi Support!

I inform you that WF has detected malicious code in the ../wp-content/wflogs/config-synced.php file.
The file in question I proceeded immediately to remove it from the server.
If you want to look into it’s here: https://www.cosmogonia.org/owncloud/index.php/s/AqAjjNr6rQKZB8D

As a result of this episode I noticed charset problems, solved now.

Thanks!

Viewing 7 replies - 1 through 7 (of 7 total)

Thread Starter danjde
(@danjde)

4 years, 8 months ago

I’ve removed the shared file link to avoid publishing sensitive data, if required I can send it to you.

Thanks
Thread Starter danjde
(@danjde)

4 years, 7 months ago
I report the file header:
```
<?php exit('Access denied'); __halt_compiler(); ?>
******************************************************************
This file is used by the Wordfence Web Application Firewall. Read 
more at https://docs.wordfence.com/en/Web_Application_Firewall_FAQ
******************************************************************
[...]
```
Thanks
- This reply was modified 4 years, 7 months ago by danjde.
WFSupport
(@wfsupport)

4 years, 7 months ago

Thanks for reaching out.

Can you send a copy of this file to wftest [at] wordfence [dot] com? Mention your username (@danjde) in the subject line and paste a link to this post in the message body.
Respond here when you have done so.

Tim

Thread Starter danjde
(@danjde)

4 years, 7 months ago

done!

WFSupport
(@wfsupport)

4 years, 7 months ago

I think that is a false positive. Can you let me know if you have enabled the beta feed on the Wordfence Tools > Diagnostics page? It would be in the “Debugging Options” at the bottom of the page. Uncheck it if it is checked and save the page.

Also can you manually start a new scan (after unchecking the above or now if it was already unchecked)?

If the next scan shows that alert, let me know.

Tim

Thread Starter danjde
(@danjde)

4 years, 7 months ago

No, “Enable beta threat defense feed” is disabled, only “Enable SSL Verification (Disable this if you are consistently unable to connect to the Wordfence servers.)” is enabled.

I’ve done a check without “config-synced.php” result in negative, then I’ve run several test always with “Enable beta threat defense feed” disabled, and always negative.
I saw that the file “config-synced.php” has been recreated and yet the scan is always negative.

I send you an older “config-synced.php” copy..

WFSupport
(@wfsupport)

4 years, 7 months ago

I’m a little unsure if I follow you.

The Beta Feed option is always unchecked. That much I think I understand.

Are the scans finding config-synced.php now or not? Did you choose to ignore the file earlier or add it to the list on the Scan Options and Scheduling page where it says “Exclude files from scan that match these wildcard patterns (one per line)”?

Tim

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Charset problems and malicious code into config-synced.php’ is closed to new replies.

Tags