IOptimize

  • Resolved canine1503

    (@canine1503)


    2 years, 1 month ago

    I keep getting the following warning:

    Visitor IP Address:	146.59.243.31
Firewall Rule:	Exe File Uploads
Firewall Pattern:	\.(dll|rb|py|exe|php[3-6]?|pl|perl|ph[34]|phl|phtml|phtm|sql|ini|jsp|asp|git|svn|tar)$
Request Path:	/wp-content/plugins/ioptimization/IOptimize.php
Parameter Name:	userfile
Parameter Value:	zwxnwyuqwg.php

    I know that ioptimization/IOptimize.php is not a plugin, but a malware script. How it has got on my Shield-protected site is beyond me.

    I am aware that I should make sure this is removed. However, looking at my site via FTP, there appears to be no such file or directory. I have, of course, looked for hidden files as well.

    Why am I seeing this on a daily basis?

    Cheers,

    Mike

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Hi Mike,

    What you’re seeing is a warning about a request to upload a PHP file via /wp-content/plugins/ioptimization/IOptimize.php, sent by a bot (in all likelihood) at 146.59.243.31.

    This doesn’t mean the file (/wp-content/plugins/ioptimization/IOptimize.php) is on your site. It means someone sent a request there hoping that the file exists so it could upload the PHP file (zwxnwyuqwg.php), which is likely malware of some description.

    Shield blocked the request(s).

Viewing 1 replies (of 1 total)
  • The topic ‘IOptimize’ is closed to new replies.