• Resolved David

    (@davidwp4)


    Hello,

    Firstly, thank you for providing such a great product and service.

    I received an email this morning with 2 critical warnings, both concerning Supercache files:

    ‘ Critical Problems:

    * File appears to be malicious: wp-content/cache/supercache/mywebsite.com/meta-wp-cache-694bbe2381d04a758c55dde238b4fb96.php

    * File appears to be malicious: wp-content/cache/supercache/mywebsite.com/meta-wp-cache-8a5b75989f8b8674e41c4cfc2e57a203.php ‘

    When I log in, I am further told that the file appears modified to perform malicious activity. That the matched text is: Eval($_POST

    Further, that the issue type is: Backdoor:PHP/EvalSuperGlobal.7725

    I checked these forums for false positives and did find a post on the supercache forum stating that malicious code may have been added to the cache. And so I deleted the cache.

    A new scan no longer highlights the file.

    My question is, is/was my website hacked? Was this a false positive? Did deleting the cache resolve the issue?

    Thank you in advance!


Viewing 6 replies - 1 through 6 (of 6 total)
  • Same attack on one of my client sites (domain name changed in description below):

    Other than repeatedly running scans and deleting files as they appear, does anyone have any info on a fix other than disabling Super Cache or clearing the cache?

    TIA — Larry

    Filename: wp-content/cache/supercache/example.com/meta-wp-cache-c0f8d5caccac02d4f86bae1af2d6f5db.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: eval($_POST

    The issue type is: Backdoor:PHP/EvalSuperGlobal.7725
    Description: Code executed from user input – almost always indicates a backdoor
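
An added example, not part of the original posts and not Wordfence's own signature: a minimal Python check that walks a cache directory for `meta-wp-cache-*.php` files and reports any that contain the kind of matched text quoted above. The regular expression, function names and sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic (an assumption, not the scanner's real rule): a code-executing
# construct applied directly to a request superglobal.
SUSPICIOUS = re.compile(
    rb"\b(eval|assert)\s*\(\s*[@\s]*\$_(POST|GET|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)

def scan_cache(cache_root):
    """Return (path, matched_text) for each meta-wp-cache-*.php file under
    cache_root whose contents match SUSPICIOUS."""
    hits = []
    for path in sorted(Path(cache_root).rglob("meta-wp-cache-*.php")):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        match = SUSPICIOUS.search(data)
        if match:
            hits.append((str(path), match.group(0).decode("ascii", "replace")))
    return hits

def demo():
    """Build a small constructed cache tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "supercache" / "example.com"
        site.mkdir(parents=True)
        # Constructed sample: a meta file holding only inert metadata.
        (site / "meta-wp-cache-aaaa.php").write_bytes(
            b'<?php die(); ?>{"uri":"example.com/"}')
        # Constructed sample: contains the matched text from the report
        # (placeholder key, not a working payload).
        (site / "meta-wp-cache-bbbb.php").write_bytes(
            b"<?php die(); ?> eval($_POST[placeholder])")
        # A non-meta cache file, which the filename filter ignores.
        (site / "index.html").write_bytes(b"<html></html>")
        return [(Path(p).name, text) for p, text in scan_cache(tmp)]

if __name__ == "__main__":
    for name, text in demo():
        print(f"{name}: matched {text!r}")
```

A hit from a check like this only says the file needs inspection; as the rest of the thread shows, confirming whether it is malicious still took a review of the file itself.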

    Plugin Support wfphil

    (@wfphil)

    Hi David & Larry,

    It may have been a false positive. You can send a copy of such a file in a zipped folder to wftest [at] wordfence [dot] com

    Make sure to put your forum username in the subject field and mention here that you have sent mail so that I can go and look for it.

    Thread Starter David

    (@davidwp4)

    Hi wfphil,

    Sorry for the slight delay. I’ve sent the zip file over to you.

    Thank you for your help!

    David

    Plugin Support wfphil

    (@wfphil)

    Hi David,

    Thank you for sending the files.

    They are malicious so please follow our site cleaning guide here:

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Thread Starter David

    (@davidwp4)

    Hi wfphil,

    Thanks once again for your help in this matter.

    Kind regards,

    David

    Plugin Support wfphil

    (@wfphil)

    Hi David,

    You are welcome.

  • The topic ‘Supercache file Critical warning’ is closed to new replies.