Malware in /wflogs/attack-data.php?

  • AMX

    (@lightscapes)


    7 years, 8 months ago

    Hi,
    My hosting company has informed me that this path contains malware and they restricted access to this file. I tried to download it through FTP, I got disconnected a few times but finally succeeded.

    wp-content/wflogs/attack-data.php

    In Notepad++ this file looks like this:

    <?php exit(‘Access denied’); __halt_compiler(); ?>
    wfWAF NULNULNULNULNULNUL?NULNULNUL…
    and several pages of NULNUL….
    Normal Notepad shows empty spaces instead of NUL.

    I checked the same file on another website and on another host. They are all the same and have 40.083 bytes.

    Is it a false alarm or something to worry?
    Wordfence hasn’t recorded any admin logins from suspicious IPs. My FTP password is long and difficult to brute-force.

    • This topic was modified 7 years, 8 months ago by AMX.
Viewing 2 replies - 76 through 77 (of 77 total)

  • I receibed a follow up email from 1&1 a few hours later saying it was a false positive – but I have today received yet another identical notification of a supposed attack.

    Thanks for the updates everyone. Glad to hear it sounds like your scans are working now as well.

    For people just arriving to this thread: A false positive warning was sent out from 1&1 to customers regarding the Wordfence file attack-data.php. They also changed permissions on this file. Everything was looking like it was fixed for a while, then it appears that 1&1 accidentally sent out the incorrect warning again by accident.

    If you are not having any issues with Wordfence, you can ignore the warning from 1&1 regarding attack-data.php. If you are having issues, check with 1&1 to verify that permissions on the file has been restored. If you at this point continue having issues, you can try deleting wflogs folder in wp-content and let it be recreated. PLEASE NOTE that this will completely reset your Firewall. If that doesn’t help, please type up a summary of your issues and post a new thread here in the support forum.

    Thanks!

Viewing 2 replies - 76 through 77 (of 77 total)
  • The topic ‘Malware in /wflogs/attack-data.php?’ is closed to new replies.