Where to find info on “Spam:PHP/agent.13499”

  • Resolved raulandash

    (@raulandash)


    1 year, 7 months ago

    I am trying to find more information on a code block flagged by Wordfence recently. I have spoken to several people and Googled away, but I have had no luck.
    Wordfence result states:
    The matched text in this file is: preg_match(“/[^\/]+\.html$/”, $url) && file_exists($dr4 . $url) && strpos_array($_SERVER[‘HTTP_USER_AGENT’], $bots) !== false) {\x0a $content = file_get_contents($dr4 . $url);\x0a echo $

    The issue type is: Spam:PHP/agent.13499
    Description: Script that serves content to special user agents. Usually seen in spam infections

    Several online and offline scanners have not identified a problem, and our IT people haven’t shed any further light on the subject. Removing the file (public_html/wp-content/core.php) breaks the installation, and the website cannot be accessed. Wordfence suggests the issue is a critical one.

    There does not seem to be any unusual site behaviour.

    Any suggestions on how I might confirm if it’s a genuine problem or a false positive?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Thanks for reaching out.

    We’ve seen that file used in an infected site we cleaned before. I can’t recall what it contained but I know it was being called from the wp-config.php file. You can look for code that says something like
    require_once(‘wp-content/core.php’);
    and remove that line.
    Please note : Before changing any file like wp-config.php you should make a backup copy so that you can restore it if there is a problem.
    Once you have removed the line from wp-config you should be able to remove the file as well.

    Mia

    Thread Starter raulandash

    (@raulandash)

    Thanks Mia, it worked!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Where to find info on “Spam:PHP/agent.13499”’ is closed to new replies.