Support » Plugin: Wordfence Security - Firewall & Malware Scan » wso.php found in Web Usage Log?

  • Resolved wzshop

    (@wzshop)


    Hi,
    I was recently just checking around at my direct admin (webhosting) environment for errors in the logs when I found the below line in the Web Usage Log
    "....GET /wp-content/wso.php HTTP/1.1" 404 33428 "http://site.ru...."

    Because site.ru seemed suspicious to me, I started to Google it and found that it might be a malicious file. I have not noticed anything weird on my site so now my question is; Does the line above mean that my site has been hacked or that someone was trying to hack it?

    Anyone?
    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hey @wzshop,

    This doesn’t indicate the site is hacked. It indicates that a bot was trying to locate and exploit that file. The access log shows the attempt returned a 404, so the file isn’t there. These are just mindless bots probing sites to find ones where exploit it available.

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    Hey @wfgerald,
    Thanks a lot for clarifying that!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wso.php found in Web Usage Log?’ is closed to new replies.