WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] impressive scanning wordfence security (5 posts)

  1. Dr. Ashok Koparday
    Member
    Posted 1 year ago #

    Hi,
    Compliments to Maunder for Wordfence Security Plugin.

    My site was hacked 3 days ago.
    3 days prior to that I had installed "WebsiteDefender WordPress Security".

    12 hours ago I installed and activated "Wordfence Security". I got om my dashboard warning of 50 (precisely 50, not a round figure) attempted logins in just one scan of "Wordfence Security".

    Below is a sample:

    <blockquote>
    United States Saint Louis, United States attempted a failed login using an invalid username "admin".
    IP: 66.154.54.43  [block]
    17 minutes ago
    Canada Montreal, Canada attempted a failed login using an invalid username "admin".
    IP: 108.163.128.206  [block]
    17 minutes ago
    Cayman Islands Cayman Islands attempted a failed login using an invalid username "admin".
    IP: 74.117.220.10  [block]
    Hostname: ns10.dnchosting.com
    17 minutes ago
    Vietnam Ho Chi Minh City, Vietnam attempted a failed login using an invalid username "admin".
    IP: 118.69.198.230  [block]

    I am impressed with Wordfence Security plugin's functioning (it has been only 12 hours since activation).

    I know what it means when your site is hacked.

    Best wishes,
    Dr. Ashok Koparday

    http://wordpress.org/extend/plugins/wordfence/

  2. leejosepho
    Member
    Posted 1 year ago #

    Agreed.

    i installed Wordfence Security just yesterday, and my first scan revealed some altered plugin files where someone had apparently been trying to break in...and then just a little later, it showed where someone else had been trying.

    Valuable plugin.

  3. Dr. Ashok Koparday
    Member
    Posted 1 year ago #

    To
    Mark Maunder,
    CEO Wordfence

    Hi Mark,

    Can you tell if this is hacker's code?

    My site was hacked on 1st February 2013. Perhaps you can recognize the message displayed on my website. It appears the hacker is saying something in triumph.

    hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz hacked by haxorsistz

    Server host restored my website with one month previous backup.

    1.
    Wordfence warned me today of a file found in wp content > W3 Total Cache's > object cache that may contain malicious executable code. I see a lot of garbage characters in the file.

    Status New

    This file is a PHP executable file and contains a line 2201 characters long without spaces that may be encoded data along with functions that may be used to execute that code. If you know about this file you can choose to ignore it to exclude it from future scans.

    Before I delete this file I wish to know if this is indeed a malicious code. How much is your suspicion graded 1 to 10?
    Would you like to get a copy of that file?

    2.
    How does Wordfence Security " _ _ _Repair infected core, theme and plugin files_ _ _"? Is it by notifying changes in the files?

    I have gone through most of the links at WordPress Codex related to what to do if site is hacked and how to prevent.

    I am reading the documentation on your http://www.wordfence.com website.

    3.
    I have daily backups of my site prior to the hacking.
    If any one of your team be interested in finding how/why of the hack I can give the backup.

    Mark, any other suggestions you may have to offer are welcome.

    High regards,

    Dr. Ashok Koparday

  4. Dr. Ashok Koparday
    Member
    Posted 1 year ago #

    Hi Mark,

    In another warning
    "Modified plugin file: wp-content/plugins/wordpress-seo/languages/wordpress-seo-hu.mo" I see garbage characters.

    Thanks,
    Dr. Ashok Koparday

  5. Wordfence
    Member
    Plugin Author

    Posted 1 year ago #

    Hi,

    Yes you can send the infected file to mark at wordfence dot com and I'll take a look. Please note that I can't spend too much time doing email support for free customers, but I'll do what I can.

    Regards,

    Mark.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic