File Appears to be Malicious | wp-content/common.php

  • This morning I was reviewing logs and this WF alert was present for 79 of our sites since yesterday.

    The text we found in this file that matches a known malicious file is: “eval(base64_decode”. The infection type is: Suspicious eval with base64 decode..

    We’re running WP 4.6.3 currently (due to a severe theme conflict with 4.7 across these sites). I also know that WF did a significant update that hit our sites in the last couple of days so this could be related.

    In the past I was able to copy and paste the Base64 code into an online decoder to determine if the contents were malicious. But, in this case the encoder spits similar gibberish back at me.

    Has anyone else seen this behavior? Ideas?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Since a couple of weeks I do have word fence, the free one, and yes they keep my site monitoring and let me know when I have apps that needs to be updated. Works good.
    Until just now. This morning I could login but there was also a message from Word fence that there was suspicious malware in website/common.php.

    Ni I received from MX toolbox that is was not possible to open my site and the line at fault was:
    Fatal error: Unknown: Failed opening required ‘/homepages/33/d414524946/htdocs/s414524964.onlinehome.us/pressartusa/here/wordfence-waf.php’ (include_path=’.:/usr/lib/php5.6′) in Unknown on line 0

    How is this possible and how do I enter my website.

    Thank you.

    yes, I am told by WordFence that this is indeed a malicious file that serves to allow people to upload files. That is all the information I have at this point.

    Hi @bobimg
    First of all, this file isn’t included in a default WordPress installation and as you mentioned its content has been flagged by Wordfence scan as suspicious, also running an old version of WordPress isn’t recommended at all, it means that you still have some vulnerabilities that were patched in the recent versions.

    If neither you or your hosting provider recognize this file, then I recommend deleting it, upgrading your WordPress, plugins and themes to the latest version, then check “How to Clean a Hacked WordPress Site using Wordfence” and “How to Harden Your WordPress Site From Attacks“.

    @robtechno please open a new support thread regarding your question following the forum rules.

    Thanks.

    • This reply was modified 7 years, 9 months ago by wfalaa.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘File Appears to be Malicious | wp-content/common.php’ is closed to new replies.