files in wflogs directory hacked?
-
I’m a happy wordfence pro user. Unfortunately my site was hacked anyway. The wordfence update this morning resulted in a blank screen for all pages in my site. I reinstalled wordpress, and reinstalled wordfence. Fortunately, the site works again.
Doing the above, I found out that almost all php-files in my site started with a long line of unreadable code, starting with: <?php $bjnrmjz = ‘)sutcvt-#w… The 404-page stated that the site was ‘Hacked by Dr.web’.
With the help of the wordfence scan, I was able to clean up all of those files, except for the .php-files generated by wordfence in the /wflogs/-directory. That directory contains the following files:.htaccess
attack-data.php
config.php
ips.php
rules.php
wafRules.rulesMy questions:
1. Are the above the rights files?
2. The .php files all begin with that long line of unreadable code starting with: <?php $bjnrmjz = ‘)sutcvt-#w… Is this right or does this indicate a hack? And if so, how to remove that, because it is generated by wordfence? I already deleted the complete directory, but in a minute the directory/files are regenerated including the long line of unreadable code mentioned above.Thanks for your help!
- The topic ‘files in wflogs directory hacked?’ is closed to new replies.
