Attempted Malware Insertion via POST
Hi – Our client’s server-level firewall protection was triggered by a malicious attempted PHP malware injection. While this was caught by server software, my question is: why did Wordfence not detect it at the WordPress level? No alerts were sent or shown on the dashboard.
Question: We have the free version of Wordfence installed, so what settings would you recommend to combat this (see details below), and if you recommend a paid plan… what level?
DETAILS: At 2026-06-24 06:26:18 UTC, the server received an external POST request to:
- POST /wp-admin/admin-ajax.php HTTP/1.1
- source IP: 124.164.186.54
- host/vhost: [ Link moved to link field where it belongs ]
- HTTP response: 403 (request rejected)
- During processing of that request, PHP temporarily wrote the uploaded content to:
- /tmp/php9QQNai
- Microsoft Defender for Endpoint detected the file as Backdoor:PHP/ReplmentStrshl.A!dha at write time.
- Defender telemetry indicates the file was not executing when detected, and the file was removed immediately afterward.