• Resolved wolfi2023

    (@wolfi2023)


    Hello everyone! I have had the following problem since I was hacked some time ago: I create a new WP site in my root directory (having previously deleted all content), install Wordfence and run a scan. Result: “This file appears to have been installed or modified by a hacker to perform malicious activity” (file “html/wp-includes/l10n.php”). The problem type is Backdoor:PHP/EvalSuperGlobal.B.10191… I can’t delete this file, and when I try to repair it, the message keeps reappearing!
    But, and here’s the thing, when I install WP in a subdirectory and run a scan, everything is OK…no messages, nothing…everything is OK. How is this possible? Does anyone have any idea? Thanks,

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @wolfi2023, thanks for reaching out about this.

    If you are able to download the affected “l10n.php” file via FTP or the file manager on your hosting, detail the post contents above and send a copy of it to samples @ wordfence . com.

    They’ll be able to check out the contents and why it may keep reoccurring in a specific location but not another. My suspicion would be that something has been left behind from a previous infection that targets this file, but they will be able to tell you for sure and what the next steps might be to permanently clean it.

    Thanks,
    Peter.

    Thread Starter wolfi2023

    (@wolfi2023)

    @wfpeter thx, mail was sent….

    Plugin Support wfpeter

    (@wfpeter)

    Thanks, I don’t have information on timescales but I know the samples inbox is checked by our team daily.

    Peter.

  • The topic ‘File modified and unsafe’ is closed to new replies.