Support » Plugin: UpdraftPlus WordPress Backup Plugin » Wordfence Warning after update

  • Resolved PositiveMostOfTheTime

    (@positivemostofthetime)


    This is the warning I just got via Wordfence after the latest update of Updraft

    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘unpack’ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    https://wordpress.org/plugins/updraftplus/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi PositiveMostOfTheTime,

    Please can you ask questions which involve WordFence in the WordFence forum? We have no knowledge of how WordFence works and how to weigh up if it is giving you a valid or invalid warning.

    David

    Hi, I have the same alert from Wordfence, but I am not sure if it is after the Updraft update, because a few hours before I found in StatComm suspicious behaviour from
    IP address 198.27.65.153[ss2.cloudeh.com]:

    URL:	http://www.mysite.cz/pma/scripts/setup.php/
    Type:	Page not found
    Referrer:	http://mysite.cz/pma/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    Time:	13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:17 +0000 -- 1391464937.260435 in Unixtime
    Secs since last hit:	2.2778
    URL:	http://www.mysite.cz/pma/scripts/setup.php/
    Type:	Normal request
    Referrer:	http://mysite.cz/pma/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    Time:	13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:14 +0000 -- 1391464934.982625 in Unixtime
    Secs since last hit:	0.0000
    URL:	http://www.mysite.cz/myadmin/scripts/setup.php/
    Type:	Page not found
    Referrer:	http://mysite.cz/myadmin/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    Time:	13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:14 +0000 -- 1391464934.982625 in Unixtime
    Secs since last hit:	2.3332
    URL:	http://www.mysite.cz/myadmin/scripts/setup.php/
    Type:	Normal request
    Referrer:	http://mysite.cz/myadmin/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    Time:	13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:12 +0000 -- 1391464932.649379 in Unixtime
    Secs since last hit:	0.0000
    URL:	http://www.mysite.cz/phpMyAdmin/scripts/setup.php/
    Type:	Page not found
    Referrer:	http://mysite.cz/phpMyAdmin/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    Time:	13 hours 11 mins ago -- Mon, 03 Feb 14 22:02:12 +0000 -- 1391464932.649379 in Unixtime
    URL:	http://www.mysite.cz/phpMyAdmin/scripts/setup.php/
    Type:	Normal request
    Referrer:	http://mysite.cz/phpMyAdmin/scripts/setup.php
    Full Browser ID:	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
    
    and then Wordfence sent an alert:
    
    Issue
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-includes/post.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-admin/includes/class-pclzip.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'unpack' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-includes/class-simplepie.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-includes/class-snoopy.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-includes/class-wp.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	www.wordpress.cz/wp-admin/press-this.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'urldecode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	wp-content/plugins/updraftplus/updraftplus.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'unpack' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete
    Resolve: I have fixed this issue Ignore until the file changes. Always ignore this file.
    
    This file may contain malicious executable code
    
    Filename:	wp-content/plugins/wp-super-cache/wp-cache.php
    File type:	Not a core, theme or plugin file.
    Issue first detected:	14 mins ago.
    Severity:	Critical
    Status	New
    
    This file is a PHP executable file and contains the word 'eval' (without quotes) and the word 'base64_decode' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.
    Tools: View the file. Delete this file (can't be undone).
      Select for bulk delete

    [Moderator Note: Please post log files between backticks or use the code button.]

    So I am afraid that the site is hacked

    cihar
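
The alerts quoted in this thread describe a word co-occurrence check: the file contains 'eval' and a decoder name somewhere. As an added example (not code from Wordfence, UpdraftPlus or any poster here), the Python below contrasts that check with a narrower one that only fires when decoder output is passed straight into eval(), and compares against a clean copy when one is available. The PHP samples, function names and verdict strings are constructed for illustration.

```python
import hashlib
import re

# Decoder names taken from the alerts quoted in this thread.
DECODERS = ("base64_decode", "urldecode", "unpack")

# Matches eval( ... decoder( with optional wrapper calls in between,
# i.e. decoder output handed straight to eval.
NESTED = re.compile(
    r"\beval\s*\(\s*@?(?:\w+\s*\(\s*)*?(%s)\s*\(" % "|".join(DECODERS)
)

def keyword_hits(src):
    """Co-occurrence as the alert words it: 'eval' plus a decoder name anywhere."""
    if not re.search(r"\beval\b", src):
        return []
    return [d for d in DECODERS if re.search(r"\b%s\b" % d, src)]

def nested_hits(src):
    """Decoders whose result is passed directly into eval()."""
    return sorted({m.group(1) for m in NESTED.finditer(src)})

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def triage(src, known_good=None):
    """Rank one flagged file; known_good is a clean copy of the same release."""
    if known_good is not None and digest(src) == digest(known_good):
        return "unmodified"
    if nested_hits(src):
        return "inspect: decoder output reaches eval"
    if keyword_hits(src):
        return "keywords only: diff against a clean copy"
    return "no match"

# Constructed samples, not taken from any real plugin or core file.
LIBRARY = """<?php
function read_header($bin) { return unpack('vlen', $bin); }
function run_filter($expr) { return eval('return ' . $expr . ';'); }
"""
WRAPPED = "<?php eval(base64_decode('ZWNobyAxOw==')); // decodes to: echo 1;\n"

if __name__ == "__main__":
    for name, src in (("library", LIBRARY), ("wrapped", WRAPPED)):
        print(name, keyword_hits(src), nested_hits(src), triage(src))
```

The keyword check fires on both samples, while the nested check separates them; neither is a verdict, and a byte-for-byte comparison with a clean copy of the same release settles whether a flagged file was changed.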

    If you require assistance then, as per the Forum Welcome, please post your own topic.

    This topic has already been resolved.

  • The topic ‘Wordfence Warning after update’ is closed to new replies.