Wordfence – malicious wflogs files

  • Resolved Sash11

    (@sash11)


    7 years, 11 months ago

    I’d just like to ask, what to do with maliciuous (aparently) Worfence files? It looks that all are located in wp-content/wflogs directory.
    I managed to delete malicious code from “rules.php” since it was at the top, before <php
    but I am afraid to do anything with the rest: ips, config, attack-data.
    I have same problems also on two subdomains.

    I tried to reinstal Wordfence but the problem persist. Should I delete directory wflogs and again install wordfence?

    Also, wordfence gave me positives on some Sucuri files too, also located in wp-content directory under sucuri. I deleted sucuri plugin and also those files, so no problem there. But just to clarify… is that possible that such plugin is hacked?

    Thanks

    • This topic was modified 7 years, 11 months ago by Sash11. Reason: edited title
Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter Sash11

    (@sash11)

    Here is the copy/paste

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “explode(chr((198-154)),’5785,49,4594,30,5177,40,335,67,4968,24,4399,61,3676,56,4035,22,3550,35,1191,37,1807,65,4568,26,3208,20,5516,70,2887,31,”. The infection type is: Backdoor:PHP/eawtliul.

    Long time WF user here….

    Have you checked this out: How to Clean a Hacked WordPress Site using Wordfence

    Thread Starter Sash11

    (@sash11)

    I did. I had a lot of files infected. Some of them were able to restore, some I cleaned manually. Now I am down to three files, all from wordfence directory. And I don’t know what to do with them.
    If noone can help, I’ll just delete directory and reinstal wordfence. Can’t do any harm to it, I guess

    Hi @sash11
    You can safely remove these files in “/wflogs” directory and this will reset the “Firewall” settings, then the folder will be created again by itself.

    Thanks.

    Thread Starter Sash11

    (@sash11)

    Thank you, wfalaa! Will do that.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Wordfence – malicious wflogs files’ is closed to new replies.