Thread Starter
ampli
(@ampli)
P.S. few days back this month (only this month) log file was marked as infected and deleted by the server antivirus so I couldn’t check the file.
the plugin was not updated to the latest version that time so may be there was some issue with the previous version, though there was nothing else infected/suspicious found on the server.
Another thing I want to know do this firewall gives alert in case of any change to the database too ?
Hi,
There is no code in the WP edition to clear or delete the log, so I will assume you may have an application that did it. The log contains blocked threats with some details which may wrongly be detected as “infected”.
Consider adding the log folder (/wp-content/nfwlog/) to your antivirus whitelist.
It is a bit scary if there is an application or plugins that deleted it without warning, though.
Regarding the database, it will alert you if an admin account was created, deleted or modified. It is enabled by default (NinjaFirewall > Event Notifications > Database).
Thread Starter
ampli
(@ampli)
yeah i too thought so the details of the blocked threat might have triggered the antivirus.
regarding cleared log I didn’t do any addition/changes to the site the only thing I did was activated the auto rules update feature and modified some firewall policies.
I have checked other files but only cache have been recently modified and no other new files have been created or modified so I don’t think my site is hacked.
I will now monitor and see if it happens again tomorrow and update it here.
And thanks for your super quick support 🙂
Thread Starter
ampli
(@ampli)
the log auto clear problem is still there
but no new suspicious files are added,modified or deleted as confirmed by the snapshot tool too
Is your antivirus setup to automatically delete suspicious file?
If this is a shared hosting account, could you ask your host about that?
Thread Starter
ampli
(@ampli)
I have asked my host about it just waiting for their reply
Thread Starter
ampli
(@ampli)
it seems the problem was the antivirus now I have added the logs to the exclusion
Thread Starter
ampli
(@ampli)
Is there any way to change the extension of the log file ?
It is not possible to change it. All files in the log folder have the .php extension so that they are protected by the firewall.
Thread Starter
ampli
(@ampli)
oh ok marking it as solved