Support » Plugin: Wordfence Security - Firewall & Malware Scan » Is our network getting hacked?

  • So this morning i saw a couple of errors that all seem to be related to some sort of cacheing.

    WordFence is telling me that they are backdoors they are all located in two folders /wp-content/cachexx and wp-content/cachex.

    I ftp into our server and found the folders and see that they have not been modified since 2014, is it safe to just delete these folders?

    
    File Size:	1,797 bytes
    File last modified:	Monday 15th of February 2010 11:30:29 PM
    
    /*YToxODp7aTowO086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTE7czoxMjoiZGlzcGxheV9uYW1lIjtzOjY6ImFjYW50dSI7fWk6MTtPOjg6InN0ZENsYXNzIjoyOntzOjI6IklEIjtpOjE7czoxMjoiZGlzcGxheV9uYW1lIjtzOjEzOiJDaXR5IG9mIFBoYXJyIjt9aToyO086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTI7czoxMjoiZGlzcGxheV9uYW1lIjtzOjg6ImNzYWxpbmFzIjt9aTozO086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6NjtzOjEyOiJkaXNwbGF5X25hbWUiO3M6MTE6IkRhdmlkRmxvcmVzIjt9aTo0O086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTY7czoxMjoiZGlzcGxheV9uYW1lIjtzOjg6ImVkZWxlb244Ijt9aTo1O086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTM7czoxMjoiZGlzcGxheV9uYW1lIjtzOjExOiJFbHNhU2FuY2hleiI7fWk6NjtPOjg6InN0ZENsYXNzIjoyOntzOjI6IklEIjtpOjE0O3M6MTI6ImRpc3BsYXlfbmFtZSI7czoxMjoiRWx2YUd1YWphcmRvIjt9aTo3O086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTU7czoxMjoiZGlzcGxheV9uYW1lIjtzOjExOiJHYWJlQ2FicmVyYSI7fWk6ODtPOjg6InN0ZENsYXNzIjoyOntzOjI6IklEIjtpOjU7czoxMjoiZGlzcGxheV9uYW1lIjtzOjEwOiJoZWFsdGhkZXB0Ijt9aTo5O086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6ODtzOjEyOiJkaXNwbGF5X25hbWUiO3M6NToiamFuaWUiO31pOjEwO086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6NztzOjEyOiJkaXNwbGF5X25hbWUiO3M6NzoibGlicmFyeSI7fWk6MTE7Tzo4OiJzdGRDbGFzcyI6Mjp7czoyOiJJRCI7aTo5O3M6MTI6ImRpc3BsYXlfbmFtZSI7czo3OiJsdG9ycmVzIjt9aToxMjtPOjg6InN0ZENsYXNzIjoyOntzOjI6IklEIjtpOjI7czoxMjoiZGlzcGxheV9uYW1lIjtzOjEyOiJseW5kZXJvYmVydHMiO31pOjEzO086ODoic3RkQ2xhc3MiOjI6e3M6MjoiSUQiO2k6MTg7czoxMjoiZGlzcGxheV9uYW1lIjtzOjk6Imx5bmRldGVzdCI7fWk6MTQ7Tzo4OiJzdGRDbGFzcyI6Mjp7czoyOiJJRCI7aTozO3M6MTI6ImRpc3BsYXlfbmFtZSI7czoxNToicGhhcnJncmVlbnN0YXJzIjt9aToxNTtPOjg6InN0ZENsYXNzIjoyOntzOjI6IklEIjtpOjQ7czoxMjoiZGlzcGxheV9uYW1lIjtzOjExOiJwdWJsaWN3b3JrcyI7fWk6MTY7Tzo4OiJzdGRDbGFzcyI6Mjp7czoyOiJJRCI7aToxMDtzOjEyOiJkaXNwbGF5X25hbWUiO3M6NzoidmFuZXNzYSI7fWk6MTc7Tzo4OiJzdGRDbGFzcyI6Mjp7czoyOiJJRCI7aToxNztzOjEyOiJkaXNwbGF5X25hbWUiO3M6NzoieXB1ZW50ZSI7fX0=*/
    

    Any Help is appreciated thank you

Viewing 1 replies (of 1 total)
  • Hi drozkyy,
    This file’s content you have shared seems to be encoded with base64 format, after decoding it, I can see it can be used later with SQL injection attacks type, I’m not sure if there are some caching plugins that could be responsible for this or not, but I recommend removing these files in general.

    Thanks.

Viewing 1 replies (of 1 total)
  • The topic ‘Is our network getting hacked?’ is closed to new replies.