• Resolved rockingham02

    (@rockingham02)


    This is the first line in an email I received:

    Someone accessed a script that was modified or created less than 10 hour(s) ago.

    How can this happen?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    It can be due to an update (plugin, theme or WP core).
    Which file was it? There should be the full path to the file indicated in the email message.

    Thread Starter rockingham02

    (@rockingham02)

    SCRIPT_FILENAME: /home/martin/public_html/seo/install/upgrade.php

    Plugin Author nintechnet

    (@nintechnet)

    Did you update, upgrade or install the /seo/install/upgrade.php file lately?

    Thread Starter rockingham02

    (@rockingham02)

    I didn’t install – I know that much. Could this plugin have upgraded without my knowledge? When WordPress updates my site, for instance, I don’t know about it until it’s already done. So, could the same thing have happened?

    Plugin Author nintechnet

    (@nintechnet)

    It’s possible. Check the date and timestamp of the files in the /seo/install/ folder.

    Hi, last night while I was asleep, several of my files were modified without my consent and they look suspect. I got this in an email from ninja:
    SERVER_NAME: jodiekrantz.free2move.com.au
    USER IP: 185.86.164.99
    SCRIPT_FILENAME: /home/free2move/jodiekrantz.com/wp-login.php
    REQUEST_URI: /wp-login.php
    Last changed on: August 12, 2020 @ 03:30:50 (UTC +0800)

    The IP is from Turkey. Before I log in via that script wp-login, how can I trigger ninja to scan, and preferably revert the files back? When I look in cPanel file manager, among the ten PHP scripts modified at that time were:
    xmlrpc.php, wp-signup.php, wp-settings.php, wp-comments.php, wp-login.php, index.php

    Have I been hacked and what to do?
    I have wp set to auto-update. Are these files typically changed in a wp update?

    Plugin Author nintechnet

    (@nintechnet)

    @bcslaam You weren’t hacked: There was an update last night (WordPress 5.5), hence the File Guard notification.

  • The topic ‘File Guard Detection’ is closed to new replies.
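
The timestamp check suggested in the thread can be scripted. The following is an added example, not part of the original thread and not NinjaFirewall's own code: it lists PHP files changed within the 10-hour window quoted in the alert email and groups them by modification time, so a batch of files rewritten within seconds of each other (as an update does) stands apart from a single file changed on its own. The 120-second grouping gap, the function names and the sample file tree are assumptions made for the illustration.

```python
import os
import tempfile

def recently_modified(root, hours, now, exts=(".php",)):
    """Return (path, mtime) pairs under root changed in the last `hours`, oldest first."""
    cutoff = now - hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mtime = os.stat(path).st_mtime
            if name.endswith(exts) and mtime >= cutoff:
                hits.append((path, mtime))
    return sorted(hits, key=lambda hit: hit[1])

def cluster_by_time(hits, gap_seconds=120):
    """Group hits whose mtime is within gap_seconds of the previous hit."""
    clusters = []
    for hit in hits:
        if clusters and hit[1] - clusters[-1][-1][1] <= gap_seconds:
            clusters[-1].append(hit)
        else:
            clusters.append([hit])
    return clusters

def demo():
    """Build a constructed tree, then triage it with a 10-hour window."""
    now = 1_600_000_000  # fixed reference time so the result is repeatable
    ages = {  # constructed sample: file -> seconds since last modification
        "wp-login.php": 3600, "xmlrpc.php": 3590, "index.php": 3580,
        "wp-config.php": 30 * 86400,           # untouched for a month
        "wp-content/uploads/stray.php": 600,   # changed alone, much later
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, age in ages.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("<?php // placeholder\n")
            os.utime(path, (now - age, now - age))
        clusters = cluster_by_time(recently_modified(root, 10, now))
        return [[os.path.relpath(p, root).replace(os.sep, "/") for p, _ in c]
                for c in clusters]

if __name__ == "__main__":
    for group in demo():
        kind = "bulk change (update-like)" if len(group) > 1 else "isolated change"
        print(f"{kind}: {', '.join(group)}")
```

Modification times can be set by anyone with write access to the files, so this grouping is a triage aid rather than proof. Comparing core files against the official checksums, for example with WP-CLI's `wp core verify-checksums`, is the stronger check.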