Support » Plugin: Wordfence Security - Firewall & Malware Scan » what is a “f649 infection” ?

  • Hi, related to my previous thread about the firewall configuration problem, on the same server if I deep scan it I see alerts like this:
    =================================================
    Filename: mail/_install.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 7 hours 24 mins ago.
    Severity: Critical
    Status New

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “${“\x47LO\x42\x41\x4cS”}[“. The infection type is: f649 infection
    =================================================

    I’d like to know what is this kind of infection. I know the encoded exploit above, but how can I trace the culprit?

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • {user removed}

    • This reply was modified 2 years, 11 months ago by  bluebearmedia.

    Hi webby,
    most of the time the culprit is a theme or plugin so if you are continuously getting files edited on your site I would start by disabling all plugins that have not been updated in the past month or so. I would also change all my passwords. Then you wait and see.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘what is a “f649 infection” ?’ is closed to new replies.