Malware in /wflogs/attack-data.php?

  • AMX

    (@lightscapes)


    7 years, 8 months ago

    Hi,
    My hosting company has informed me that this path contains malware and they restricted access to this file. I tried to download it through FTP, I got disconnected a few times but finally succeeded.

    wp-content/wflogs/attack-data.php

    In Notepad++ this file looks like this:

    <?php exit(‘Access denied’); __halt_compiler(); ?>
    wfWAF NULNULNULNULNULNUL?NULNULNUL…
    and several pages of NULNUL….
    Normal Notepad shows empty spaces instead of NUL.

    I checked the same file on another website and on another host. They are all the same and have 40.083 bytes.

    Is it a false alarm or something to worry?
    Wordfence hasn’t recorded any admin logins from suspicious IPs. My FTP password is long and difficult to brute-force.

    • This topic was modified 7 years, 8 months ago by AMX.
Viewing 15 replies - 61 through 75 (of 77 total)

  • 1and1 is rolling back the file permissions now. Step by step.

    Solved for me too.

    thank you for updating me, yes mine worked fine now too.

    Hi everyone,

    Got another email from 1&1 this morning about the attack-data.php file being a malicious upload.

    Anyone else also been tagged again?

    Yes I did – Monkeys!

    Me too! Different site though.

    Alert 1and1 immediately. I have already done so, on the previous support thread they sent. I haven’t had any notifications myself yet, but worth doing.

    Stevo

    For me it was the same site and file. The email even has the same ticket ID.

    I have forwarded their email confirmation of the resolution to the last alert on Monday so we will see what happens.

    I must admit seems strange if they have updated their “scanner” to allow this file that here we are again not 3 days later.

    That said I have been a 1&1 customer for 15 years and have always had good service with few real issues.

    @olymp1c – I would agree with that also. 1&1 have been excellent. Things happen with all services, now and again. I’m sure it will be sorted shortly, as previous.

    just got this from 1&1

    Due to another error in our system the original mail was sent out again. We haven’t changed anything on your webspace. No further actions from your side are requiered.

    We apologies for this cunfusion and the inconviniences.

    check the spelling!

    I’m guessing this 1&1 host is some sort of budget-oriented host provider?
    You get what you pay for…

    not really ??
    It is part of United Internet

    @bluebearmedia – I’ve been with them several years, and they are excellent. Don’t forget that this is due to the company showing due diligence in searching for malware/viruses, and it’s purely a scanning/analysis setting adjustment.

    I’d rather the odd false positive shows up, than to be caught because a provider doesn’t support me properly.

    Hackers inflict the most pain on the most sites with large hosting companies.

    I was just shocked by the incredibly bad grammar in that email snippet… gives the suggestion of a very unprofessional outfit!

Viewing 15 replies - 61 through 75 (of 77 total)
  • The topic ‘Malware in /wflogs/attack-data.php?’ is closed to new replies.