<?php\x0d\x0a@eval(@openssl_decrypt / suspicious code / undeletable file

  • Resolved Carlos Pinedo

    (@carlos-pinedo)


    1 year, 4 months ago

    The file name and path are: /home/.code/redis-cache-pro/dir/fWIFijXb.php

    The suspicious code is: <?php\x0d\x0a@eval(@openssl_decrypt

    It’s related to a plugin that I haven’t installed, and apparently, Cloudways uses it by default on their platforms, so I can’t delete it.

    ?Is truly a dangerous code?

    I deeply appreciate any help you can provide.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @carlos-pinedo, thanks for reaching out about this!

    There is a possibility that this is a false-positive because any compressed/minified cache files could contain patterns that resemble known threats. However, I can’t say for sure from the code snippet above that there is nothing to worry about and certainly wouldn’t want to suggest that you ignore a real problem.

    You can download the files highlighted using FTP, or your host’s web-based file manager and send them to samples @ wordfence . com where our team can inform you whether any action is necessary to resolve the issue.

    Please note that when attaching files, ensure that you remove any database access credentials or keys/salts contained inside before sending.

    Thanks,
    Peter.

    Thread Starter Carlos Pinedo

    (@carlos-pinedo)

    Thank you so much, wfpeter. I’ve just sent it to the email you recommended. Additionally, I’ve uploaded the file here: https://okdinamica.com/okd/wp-content/uploads/2023/11/fWIFijXb.txt

    If you have any further feedback, please do let me know.

    Thanks once again.

    Plugin Support wfpeter

    (@wfpeter)

    Thank-you @carlos-pinedo, they should be in touch soon if they haven’t been already. Thanks for also providing the download link in case there are any issues.

    Peter.

    Thread Starter Carlos Pinedo

    (@carlos-pinedo)

    thanks a lot Peter

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘<?php\x0d\x0a@eval(@openssl_decrypt / suspicious code / undeletable file’ is closed to new replies.