Support » Plugin: Wordfence Security » Is this log ok?

  • Salvatore

    (@darkwolf)


    Accessing the website I cannot see any problem, but this is the log received via email:

    Top 10 Failed Logins
    Username 	Login Attempts 	Existing User
    L’AltroWeb 	1 	No
    
    Recently Blocked Attacks
    Time 	IP / Action
    gennaio 16, 2017
    11:34am 	
    46.159.56.38 (Russian Federation)
    
    Blocked for Slider Revolution: Local File Inclusion
    
    View Recent Traffic
    Recently Modified Files
    Modified 	File
    gennaio 16, 2017 11:35am 	
    
    wp-content/wflogs/attack-data.php
    
    gennaio 16, 2017 11:34am 	
    
    wp-content/wflogs/ips.php
    
    gennaio 16, 2017 4:57am 	
    
    wp-content/wflogs/config.php

    wp-content/wflogs/config.php contains a long string, no strange chars;

    wp-content/wflogs/ips.php contains unreadable chars:

    <?php exit('Access denied'); __halt_compiler(); ?>
              ÿÿO+øéoxW          ÿÿW(mÂ>X          ÿÿNºÅ8ÜAX          ÿÿO*k*XBX    ... etc!!!!

    wp-content/wflogs/attack-data.php contains mostly null data;

    Can someone help me to understand if all is ok?

    thanks in advance,
    S.N.

Viewing 5 replies - 1 through 5 (of 5 total)
  • bluebearmedia

    (@bluebearmedia)

    “Blocked for Slider Revolution: Local File Inclusion”

    From what I can see of what you posted, Wordfence properly blocked an attempted hack of the Slider Revolution plug-in (it’s an old exploit, but hackable on older versions of the plug-in that may still be in use).

    But if you aren’t using the most up-to-date version of Revolution Slider, then you need to upgrade it.

    (Note: I’m not part of Wordfence support, just a long time WF user.)

    Starhorsepax2

    (@starhorsepax2)

    I’m going to second this question. I have the same thing in email, but when I log in there is no evidence in the scan log of the modified files. I haven’t checked the files themselves since I can’t read them anyway, but I’m concerned. I’m not sure why it’s reporting a modified file if the file was modified by Wordfence itself.

    Salvatore

    (@darkwolf)

    @bluebearmedia: indeed, I don’t have this plugin (I don’t know it). Then, I think all is ok with this part, thanks! Anyway, I’ll pre-ban the entire IP network (my users are ita, Russian Federation can be banned) 😛

    Salvatore

    (@darkwolf)

    @starhorsepax2: same doubt! :/

    Plugin Support wfalaa

    (@wfalaa)

    Files under the (/wp-content/wflogs/) directory are related to the firewall configurations, and it’s known for these files to get modified regularly. If you don’t want to see these files in the summary email, you can exclude this directory from the recently modified files list under (Wordfence > Options => Email Summary => Comma-separated list of directories to exclude from recently modified file list).

    @darkwolf regarding the “wp-content/wflogs/ips.php” file contents, it could be that you are viewing this file with a different encoding than UTF-8; please try to select UTF-8 encoding in your text editor.

    Thanks.
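
An added example, not part of the original thread and not Wordfence code: a small triage script for the three wflogs files named in the summary email. It checks that each file still begins with the guard line quoted above, so PHP exits and stops compiling before the data that follows, and reports whether that data is text or binary. That all three files share the guard shown for ips.php is an assumption, and the sample bytes are constructed.

```python
import re
import sys
from pathlib import Path

# Guard line exactly as quoted in the thread for wp-content/wflogs/ips.php.
GUARD = b"<?php exit('Access denied'); __halt_compiler(); ?>"
# The three files listed in the summary email (assumed to share the guard).
FILES = ("attack-data.php", "ips.php", "config.php")

def triage(data: bytes) -> dict:
    """Classify the raw bytes of one wflogs data file."""
    guarded = data.startswith(GUARD)
    payload = data[len(GUARD):] if guarded else data
    try:
        payload.decode("utf-8")
        kind = "binary" if b"\x00" in payload else "text"
    except UnicodeDecodeError:
        kind = "binary"
    # With the guard first, PHP exits and stops compiling before the payload.
    # Without it, any PHP open tag in the file is code the server would run.
    php_tag = re.search(rb"<\?(php|=)", payload, re.I) is not None
    return {"guarded": guarded, "payload_kind": kind,
            "needs_review": not guarded,
            "runnable_php": php_tag and not guarded}

# Constructed samples (not real Wordfence data).
SAMPLES = {
    "ips.php": GUARD + b"\n\xff\xffO+\xf8\xe9oxW\x00\x00\xff\xffW(m\xc2>X",
    "attack-data.php": GUARD + b"\x00" * 16,
    "config.php": GUARD + b'\na:1:{s:3:"key";s:5:"value";}',
    "tampered.php": b"<?php echo 'hello'; ?>",
}

def scan(wflogs: Path) -> dict:
    """Triage the known files that exist under a wflogs directory."""
    return {name: triage((wflogs / name).read_bytes())
            for name in FILES if (wflogs / name).is_file()}

if __name__ == "__main__":
    # Pass the path to wp-content/wflogs, or run with no argument for the samples.
    if len(sys.argv) > 1:
        results = scan(Path(sys.argv[1]))
    else:
        results = {name: triage(raw) for name, raw in SAMPLES.items()}
    for name, result in results.items():
        print(name, result)
```

A guarded file with a binary payload is the shape shown in the original post; a file in this set that no longer starts with the guard is the case to look at by hand.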
