Changed index.php file in uploads folder

Resolved

(@digbymaass)

The previous index.php in wp-content/uploads

<?php
// GNU General Public License

has become this (maybe from the upgrade to 4.7):

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Wordfence has flagged it as malicious. It doesn’t look threatening but should I worry? I think I’ll change it back anyway.

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter digbymaass
(@digbymaass)

9 years, 5 months ago

Ah I should have looked at the wordfence scan first. It flagged up a hacking attack in the file (not immediately visible). I’ve deleted it by reflex and now I can’t quote from the scan warning.

Thread Starter digbymaass
(@digbymaass)

9 years, 5 months ago

It’s back…

File appears to be malicious: wp-content/uploads/index.php
Filename: wp-content/uploads/index.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 min ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “$y1=”\x65\x78\x74r\x61\x63\x74″;$y1($bfl);if($eg4(@$sw[$c0])==$at)”. The infection type is: Backdoor/PHP:CookieBo.

How can I stop it?!

Thread Starter digbymaass
(@digbymaass)

9 years, 5 months ago

Ah… looks like my backup that I uploaded was infected. Stupid.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Changed index.php file in uploads folder’ is closed to new replies.

Tags