Recurring malware file

  • Resolved alvalyn

    (@alvalyn)


    10 years, 5 months ago

    My hosting service says they can’t help me with this.

    My Wordfence scans send me a recurring malware alert. I remove the file and then it’s back again a day or two later. I remove it again.

    I don’t know how to find out where this is coming from or what I can do to permanently prevent the file from being added.

    Here is the alert from Wordfence:

    File contains suspected malware URL: /hermes/waloraweb086/b946/moo.alvalyn/stats/webalizer.current
    Filename: stats/webalizer.current
    Bad URL: http://kaaz.eu/lion-de-judah/
    File type: Not a core, theme or plugin file.
    Issue first detected: 8 hours 28 mins ago.
    Severity: Critical
    Status New
    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://kaaz.eu/lion-de-judah/ – More info available at Google Safe Browsing diagnostic page.

    The malware shows up in the stats folder.

    My web site: http://alvalyn.com

    Thank you for any suggestions about this.

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Plugin Author WFMattR

    (@wfmattr)

    10 years, 5 months ago

    Sorry to hear about the problem — first make sure that all of your themes and plugins (and WordPress itself) are up to date, and if you have any old plugins and themes, it is usually best to remove them.

    We have a guide for cleaning hacked sites here, which includes using deeper Wordfence scans, which may be helpful:
    How to clean a hacked site using Wordfence

    Depending on the host and your type of access, you might not be able to do all of the items listed, but the section “How to clean your hacked WordPress site with Wordfence” uses only Wordfence.

    If you don’t have a backup of the site, it is best to save one before deleting any files. The backup may contain bad files too, but if you remove any important files, you will have a copy of those just in case.

    If you have questions on any of the scan results — if you’re not certain that a file is bad — tell us what the results say before removing it. If it’s a new file that wasn’t found in a regular scan, we can also add it to future scans if you send us a copy. If you’re given the option to replace a file with the original, that should be safe.

    Also, if you know where to find the “access log” from your site, I may be able to find suspicious files that were recently accessed. My email is mattr (at) wordfence.com

    -Matt R

Viewing 1 replies (of 1 total)

The topic ‘Recurring malware file’ is closed to new replies.