File appears to be malicious or unsafe: site/eanrf.php

  • Resolved Ruma Dey Baidya

    (@holidaystory17)


    3 years, 11 months ago

    Hi Team

    In my recent scan, I found this. Is it really scary? Please help me. (Unable to repair)

    __________________

    Filename: site/eanrf.php

    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a\x0a@ini_set(‘error_log’, NULL);@ini_set(‘log_errors’, 0);@ini_set(‘max_execution_time’, 0);

    The issue type is: Backdoor:PHP/keeperpage.913
    Description: A backdoor known as keeperpage

Viewing 4 replies - 16 through 19 (of 19 total)
  • Plugin Support WFAdam

    (@wfadam)

    To answer your query, the rule makes it so requests can be sent out from your site to our scan server(noc1) and a signal can also be sent back to your site.

    it looks like something is still preventing the scan from starting. Navigate to Wordfence > Tools > Diagnostics > Debugging and enable Start All Scans Remotely, then attempt another scan. Let me know the results!

    Thanks!

    Thread Starter Ruma Dey Baidya

    (@holidaystory17)

    Not working remote scan..

    _____________

    [Dec 23 20:18:30] Entering start scan routine
    [Dec 23 20:18:30] Got value from wf config maxExecutionTime: 20
    [Dec 23 20:18:30] getMaxExecutionTime() returning config value: 20
    [Dec 23 20:18:30] Starting cron via proxy at URL https://noc1.wordfence.com/scanp/www.theholidaystory.com/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=standard&cronKey=2dc6f02901a3e58aaae401dc5da63c4b&k=aea9b41ea89b3f693b7f2c14115f65e1a22e2cc89dc7bb4125cb5fd7bab4180562019cb090bb8604f396e606daa0e3fdcb1a51503bce12ec01566803f4d6cdd067cdf174a86cfffaed920f2f7d56e71d&ssl=1&signature=8666d6a1194cad0cfded8bcedde6e4e5b0f664855dd60a03d7d310b712e1bbba
    [Dec 23 20:18:31] Scan process ended after forking.

    Plugin Support WFAdam

    (@wfadam)

    A complete re-install of Wordfence might be a good step. It’s always best to make a backup of the site and database before installing/removing plugins, just to be safe.

    Additionally, you can backup your Wordfence settings via the Export option. Navigate to Wordfence > Tools > Import/Export Options and click Export. You can also take note of the current Whitelisted URLs you have in Wordfence > Firewall > All Firewall Options > Whitelisted URLs as these are NOT included in the Import/Export, and will be lost during the re-install.
    Here is what is exported: https://www.wordfence.com/help/tools/import-export/
    During the export, you will be given a long string of text. Keep this safe, you’ll need it in a few minutes.

    After that, enable the option to Delete Wordfence tables and data on deactivation in All Options > General Wordfence Options. You will want to remember to disable this after you reinstall Wordfence again.

    After you enable that option, you can deactivate Wordfence from the Plugins area of your site, then delete it. Next, from the plugins area, search for and re-install Wordfence like normal.

    It will be like setting Wordfence up for the first time. You will need to enter an email address, and then go into Tools > Import/Export Options and paste that string of text into the Import Wordfence Options field and click the button there.

    The firewall will be in Learning Mode by default for 7 days. I would recommend switching this to Enabled and Protected as soon as possible.

    Once you have completed this. Lets try to run another scan. Let me know how it goes!

    Thanks!

    Thread Starter Ruma Dey Baidya

    (@holidaystory17)

    Dear Team , No luck. I have install and install word fence but still the scan failed.

Viewing 4 replies - 16 through 19 (of 19 total)
  • The topic ‘File appears to be malicious or unsafe: site/eanrf.php’ is closed to new replies.