• I use PSN Pagespeed Ninja on my site “https://dhruvrathod.com” and somehow Wordfence seems to notify every single day as showns below;

    Filename: wp-content/plugins/psn-pagespeed-ninja/cache/73/734dcfb8b0d2d91accebbee525715df3be71d800.zz
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: \xed}}w?\xf2\xf0\xdfp\xce\xfd\x0e\xbe\xde\x03\xb4\x17
    
    The issue type is: IOC:BIN/hiding.cache.10143
    Description: Suspicious binary files

    Can you please suggest, what are the steps I can take? Do I need to worry about this?

    • This topic was modified 3 years, 9 months ago by dhruvvy79.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Denis Ryabov

    (@dryabov)

    Most likely it is Wordfence’s false-positive. *.zz files are used by PSN’s page cache (they contain page content pre-compressed with deflate encoding). To be sure, you can run something like

    <?php var_dump(gzinflate(file_get_contents('734dcfb8b0d2d91accebbee525715df3be71d800.zz')));

    to check it contains html page sources, but it is very unlikely that someone is trying to store real malware code in PSN’s cache directory.

    Thread Starter dhruvvy79

    (@dhruvvy79)

    I thought as much but was unsure about it so asked it here.

    @dryabov Thanks for clarifying

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence detects PSN cache as malware’ is closed to new replies.