WordPress.org

Support

Support » Plugins and Hacks » scan failed

scan failed

Viewing 5 replies - 1 through 5 (of 5 total)
  • What were the contents of the file?

    Malware scans are typically signature based, if this was a new string of malicious code it might not have been picked up.

    Well … I don’t know the content of the files as my PC even refused to edit them. I mean I’m not speaking about lines of code injected in already existing files. I’m speaking about completely new files and, apart from the content of these files, I expected from wordfence a comparative scan able to detect strange named php files on a core folder of the wordpress installation, in particular on a css folder where php files shouldn’t be at all.

    Ok, in this case, if you are seeing files in wp-includes that shouldn’t be there then you should remove them.

    To better determine what files should and should not be present you can use this trick in Filezilla:

    http://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html

    Have a fresh copy of WordPress on the left and browse your site files on the right and then press Ctrl+O – the green/white files match and the yellow files will be out of place.

    As for Wordfence finding .PHP files with strange names, I am not sure if this is something Wordfence does. Random/strange filenames is only a proxy indicator for malware, though, and does not always indicate an infection (take, for instance, cache files which tend to have very random and strange names)

    The trick is awesome … you changed my life. Really 🙂

    As for Wordfence, probably you are right. I gave it as granted that it performed a comparison scan on core folders that, unless you are a very reckless webmaster, shouldn’t change. But maybe not.

    Anyway Wordfence is fantastic in the real time alerting system. Recently got 2 hackers while they were hacking thanks to this. Remarkable 🙂

    Yeah, it’s a very handy tool 🙂

    There’s really no reason to have any out-of-place files in wp-includes – In infected sites I find most often they are spam related files.

    If you’re not sure about a certain file feel free to pastebin here and I can take a look.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘scan failed’ is closed to new replies.