Base64 Injection?

  • Resolved Steve

    (@aksteve)


    10 years, 1 month ago

    I did a site scan with Wordfence and it cam back with 6 infected files – all ninjafirewall files. Not sure this is a false positive. Here is what wordfence says:

    File appears to be malicious: wp-content/nfwlog/firewall_2016-05.php
    Filename: wp-content/nfwlog/firewall_2016-05.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 2 mins ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “ZXZhbC”. The infection type is: eval base64 encoded

    Am I infected or is this a legit NF file? Thanks

    https://wordpress.org/plugins/ninjafirewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    10 years, 1 month ago

    Hi,

    It’s a false positive, because firewall_2016-05.php is NinjaFirewall’s log. It contains all threats that were blocked by the firewall, which you can view from the log menu accessible from your WordPress dashboard.

    Thread Starter Steve

    (@aksteve)

    10 years, 1 month ago

    Thanks for the quick reply. How compatible are NFW and WFence? I am not using the WordFence firewall because I think it conflict with yours. But am using other WFence features.

    This OK?

    Plugin Author nintechnet

    (@nintechnet)

    10 years, 1 month ago

    You should be fine.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Base64 Injection?’ is closed to new replies.