• Resolved ravenhawkrfss

    (@ravenhawkrfss)


    I just ran a WP Cerber Security scan on my site and the results came back with three critical issues. All three refer to files in the wflogs folder (suspicious codes listed below). Are these legitimate files and code for Wordfence?

    /wp-content/wflogs/rules.php
    Suspicious code signatures found

    Line 363: 2.9.4.116
    Line 829: 2.3.6.1
    Line 1418: 1.2.2.5
    Line 1434: 3.7.9.1
    A suspicious external IPv4 address found. Can cause data leakage. (IPV4)

    The scanner recognizes this file as “ownerless” or “not bundled” because it does not belong to any known part of the website and should not be here.

    It may remain after upgrading to a newer version of WordPress. It also may be a piece of obfuscated malware. In a rare case it might be a part of a custom-made (bespoke) plugin or theme.

    /wp-content/wflogs/config-transient.php
    Suspicious code signatures found

    A suspicious external IPv4 address found. Can cause data leakage. (IPV4)

    Line 6: 2a00:1a48:7808:104:9b57:dda6:eb3c:61e1
    A suspicious external IPv6 address found. Can cause data leakage. (IPV6)

    The scanner recognizes this file as “ownerless” or “not bundled” because it does not belong to any known part of the website and should not be here.

    It may remain after upgrading to a newer version of WordPress. It also may be a piece of obfuscated malware. In a rare case it might be a part of a custom-made (bespoke) plugin or theme.

    /wp-content/wflogs/config-livewaf.php
    Suspicious code signatures found

    Line 6: 72.168.177.46
    Line 6: 72.168.177.46
    A suspicious external IPv4 address found. Can cause data leakage. (IPV4)

    The scanner recognizes this file as “ownerless” or “not bundled” because it does not belong to any known part of the website and should not be here.

    It may remain after upgrading to a newer version of WordPress. It also may be a piece of obfuscated malware. In a rare case it might be a part of a custom-made (bespoke) plugin or theme.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi ravenhawkrfss (@ravenhawkrfss),

    Please check whether this file “wflogs” is on your host. Most of the time it's under the wp-content folder. If this file is there, you should deactivate your Wordfence plugin and delete this file “wflogs”.

    Thread Starter ravenhawkrfss

    (@ravenhawkrfss)

    dineshan,

    I deleted the “wflogs” folder from my hosting server, reactivated Wordfence and ran another Cerber Security scan and the “wflogs” folder was recreated as soon as I reactivated Wordfence.

    I am going to try deleting Wordfence and reinstalling it to see what happens.

    Thread Starter ravenhawkrfss

    (@ravenhawkrfss)

    I deactivated and deleted Wordfence, but “wordfence-waf.php” is still present in my WordPress installation files. I tried deleting it but my site was completely disabled. So I restored the site files and deleted Wordfence again. Should the wordfence-waf.php file exist in my site files?

    Hi @ravenhawkrfss,

    The wflogs folder contains files that keep track of blocked/malicious IP addresses.

    There is no concern with the files you listed (rules.php, config-transient.php, and config-livewaf.php).

    If you wish to remove Wordfence, you will want to edit your php.ini, .user.ini, or .htaccess to remove references to wordfence-waf.php.

    When you first installed Wordfence and configured its firewall, it edited one of these files so that Wordfence can run before any other PHP scripts run. When PHP tries to run but can’t find the wordfence-waf.php file, it throws a fatal error.

    Dave
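
The check described in the reply above can be scripted. This is an added example, not Wordfence's code and not part of the original reply: it looks in the three files the reply names for an active `auto_prepend_file` directive (the PHP setting that runs a script before all others) pointing at wordfence-waf.php and reports whether the target still exists. The function names and the sample site are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Files the reply names as places where the firewall bootstrap may be referenced.
CONFIG_NAMES = ("php.ini", ".user.ini", ".htaccess")

# PHP's auto_prepend_file directive, in ini form ("auto_prepend_file = ...")
# or Apache form ("php_value auto_prepend_file ...").
PREPEND_RE = re.compile(
    r"""^\s*(?:php_value\s+)?auto_prepend_file\s*=?\s*['"]?([^'"\s]+)['"]?""",
    re.IGNORECASE,
)


def find_prepend_refs(site_root, needle="wordfence-waf.php"):
    """Return (config file, line no, target path, target exists) for each
    active auto_prepend_file line that points at `needle`."""
    findings = []
    for name in CONFIG_NAMES:
        cfg = Path(site_root) / name
        if not cfg.is_file():
            continue
        lines = cfg.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            if line.lstrip().startswith((";", "#")):  # commented-out directive
                continue
            m = PREPEND_RE.match(line)
            if m and m.group(1).endswith(needle):
                target = Path(m.group(1))
                findings.append((name, lineno, str(target), target.is_file()))
    return findings


def build_sample_site():
    """Constructed sample: plugin removed, but .user.ini still prepends it."""
    root = Path(tempfile.mkdtemp())
    waf = root / "wordfence-waf.php"  # deliberately NOT created
    (root / ".user.ini").write_text(
        "; Wordfence WAF\n"
        f"auto_prepend_file = '{waf}'\n"
        "; END Wordfence WAF\n"
    )
    (root / ".htaccess").write_text("# BEGIN WordPress\nRewriteEngine On\n")
    return root


if __name__ == "__main__":
    for name, lineno, target, exists in find_prepend_refs(build_sample_site()):
        state = "present" if exists else "MISSING: PHP will fail on every request"
        print(f"{name}:{lineno} prepends {target} ({state})")
```

Run it against the real document root before deleting the plugin files; any row reported as missing is a directive to remove first.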

    Hi Dave,
    I use Wordfence on several sites. I just received a notification from SiteLock saying that malware was found on one of my sites, so I ran a scan through siteguarding.com, which had this message as a result:
    File with malicious codes
    /wp-content/wflogs/config-synced.php
    These files are not 100% malicious code/scripts, but contain code elements and commands those have been used in different malicious scripts. Review is required. Each file in the report might contain malicious code.

    Due to this I ran scans on my other sites (on different hosting services) and had the same result, so I uninstalled the plugin. Of course I trust Wordfence, but I need to know if this is a false positive, or if there is something else I should do?
    Thanks!!

    Thread Starter ravenhawkrfss

    (@ravenhawkrfss)

    Dave,

    Thank you for the information. I will contact Cerber to have them look into their definitions. I had a report of another suspicious file in a different plugin that was incorrectly classified, so I think their definitions are probably not complete for all plugins.

    Thanks for your assistance!
    ravenhawkrfss

  • The topic ‘Suspicious code found in wflogs files’ is closed to new replies.