Server log warning – suspected malware URL

  • Resolved 9littlebees

    (@ninelittlebees)


    1 year, 3 months ago

    I am getting the following warning in Wordfence scan for multiple log files. The issue is that my website’s “logs” folder is protected and when I contacted my ISP, they said that they could / would not delete any of the files in there, as they provide root functionality to the site.

    https://i.ibb.co/Stbnz7P/Security-Warning.png

    As this warning keeps popping up, I’m concerned that this malicious URL has somehow embedded itself into my website. How can I check this and how do I remove it?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @ninelittlebees, thanks for reaching out about this.

    I’m fairly sure this is a false-positive where a log file that wouldn’t be traditionally in your site’s “wordpress” directory is being picked up because a bad URL from our global blocklist visited your site. Having log of this information isn’t an issue, whereas that URL appearing inside one of your pages or posts could be.

    You could use Wordfence > All Options > Advanced Scan Options > Exclude files from scan that match these wildcard patterns (one per line) to ignore /logs/*. Naturally add any further path information that is redacted from your screenshot as necessary. This page can help you form the correct path: https://www.wordfence.com/help/scan/options/#exclude-files

    If the redacted path above isn’t in your main site’s directory, you can still exclude the logs folder, but you could also consider turning off Wordfence > All Options > General Options > Scan files outside your WordPress installation to avoid similar instances in future. This is usually turned off by default, but can be useful in scenarios where a WordPress blog is included as part of a larger custom site build.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Server log warning – suspected malware URL’ is closed to new replies.

Tags