Wordfence Warning after update
-
This is the warning I just got via Wordfence after the latest update of Updraft
This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack’ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
-
Hi PositiveMostOfTheTime,
Please can you ask questions which involve WordFence in the WordFence forum? We have no knowledge of how WordFence works and how to weigh up if it is giving you a valid or invalid warning.
David
Hi, I have the same alert from Wordfence, but I am not sure if it is after the Updraft update, because a few hours before I found suspicious behaviour in StatComm from

IP address 198.27.65.153[ss2.cloudeh.com]:
URL: http://www.mysite.cz/pma/scripts/setup.php/ Type: Page not found Referrer: http://mysite.cz/pma/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Time: 13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:17 +0000 -- 1391464937.260435 in Unixtime Secs since last hit: 2.2778
URL: http://www.mysite.cz/pma/scripts/setup.php/ Type: Normal request Referrer: http://mysite.cz/pma/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Time: 13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:14 +0000 -- 1391464934.982625 in Unixtime Secs since last hit: 0.0000
URL: http://www.mysite.cz/myadmin/scripts/setup.php/ Type: Page not found Referrer: http://mysite.cz/myadmin/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Time: 13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:14 +0000 -- 1391464934.982625 in Unixtime Secs since last hit: 2.3332
URL: http://www.mysite.cz/myadmin/scripts/setup.php/ Type: Normal request Referrer: http://mysite.cz/myadmin/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Time: 13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:12 +0000 -- 1391464932.649379 in Unixtime Secs since last hit: 0.0000
URL: http://www.mysite.cz/phpMyAdmin/scripts/setup.php/ Type: Page not found Referrer: http://mysite.cz/phpMyAdmin/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Time: 13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:12 +0000 -- 1391464932.649379 in Unixtime
URL: http://www.mysite.cz/phpMyAdmin/scripts/setup.php/ Type: Normal request Referrer: http://mysite.cz/phpMyAdmin/scripts/setup.php Full Browser ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

and then the Wordfence sent an alert:

Issue
This file may contain malicious executable code
Filename: www.wordpress.cz/wp-includes/post.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: www.wordpress.cz/wp-admin/includes/class-pclzip.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'unpack' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: www.wordpress.cz/wp-includes/class-simplepie.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: www.wordpress.cz/wp-includes/class-snoopy.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: www.wordpress.cz/wp-includes/class-wp.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: www.wordpress.cz/wp-admin/press-this.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: wp-content/plugins/updraftplus/updraftplus.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'unpack' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.

This file may contain malicious executable code
Filename: wp-content/plugins/wp-super-cache/wp-cache.php File type: Not a core, theme or plugin file. Issue first detected: 14 mins ago. Severity: Critical Status New
This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
Tools: View the file. Delete this file (can't be undone). Select for bulk delete

[Moderator Note: Please post log files between backticks or use the code button.]
So I am afraid that the site is hacked.
cihar
If you require assistance then, as per the Forum Welcome, please post your own topic.
This topic has already been resolved.
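The alert text quoted in this thread describes a keyword test: the file contains the word 'eval' and the name of an encoding function. As an added example (not Wordfence's or UpdraftPlus's code, and not part of the original posts), the sketch below contrasts that co-occurrence test with a narrower check for decoder output passed straight into eval(), and with a hash comparison against a known-good copy. All function names and the PHP samples are constructed for illustration.

```python
import hashlib
import re

# Function names taken from the alerts quoted in this thread.
ENCODERS = ("base64_decode", "urldecode", "unpack")

# eval( whose argument is, possibly through wrappers such as gzinflate(, a decoder call.
NESTED = re.compile(
    r"\beval\s*\(\s*(?:\w+\s*\(\s*)*(?:%s)\s*\(" % "|".join(ENCODERS))

def sha256_of(src):
    return hashlib.sha256(src.encode()).hexdigest()

def keyword_hits(src):
    """Co-occurrence test as the alert text describes it: 'eval' plus an encoder word."""
    if not re.search(r"\beval\b", src):
        return []
    return [w for w in ENCODERS if re.search(r"\b%s\b" % w, src)]

def decoder_feeds_eval(src):
    """Narrower test: the decoded value is passed straight into eval()."""
    return bool(NESTED.search(src))

def triage(src, known_good_sha256=None):
    """Return a triage label for one flagged file (labels are hypothetical)."""
    if known_good_sha256 and sha256_of(src) == known_good_sha256:
        return "matches known-good copy"
    if decoder_feeds_eval(src):
        return "inspect first: decoder output is evaluated"
    if keyword_hits(src):
        return "keywords only: diff against a clean copy"
    return "no hit"

# Constructed sample: a library that uses eval and unpack for unrelated purposes.
LIBRARY = """<?php
function read_header($bin) { return unpack('vversion/vflag', $bin); }
function call_hook($name, $arg) { $r = 0; eval('$r = ' . $name . '($arg);'); return $r; }
"""
# Constructed sample: the packed-loader shape the alert is aimed at (placeholder payload).
LOADER = "<?php eval(gzinflate(base64_decode('PLACEHOLDER')));"
# Constructed sample: 'retrieval' must not count as the word eval.
PROSE = "<?php /* retrieval helper */ $q = urldecode($_GET['q']);"

if __name__ == "__main__":
    for name, src in (("library", LIBRARY), ("loader", LOADER), ("prose", PROSE)):
        print(name, keyword_hits(src), triage(src))
```

The reference hash passed to `triage` should come from a fresh download of the same release of WordPress or the plugin, not from the server being checked.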