Title: walied's Replies | WordPress.org

---

# walied

  [  ](https://wordpress.org/support/users/walied/)

 *   [Profile](https://wordpress.org/support/users/walied/)
 *   [Topics Started](https://wordpress.org/support/users/walied/topics/)
 *   [Replies Created](https://wordpress.org/support/users/walied/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/walied/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/walied/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/walied/engagements/)
 *   [Favorites](https://wordpress.org/support/users/walied/favorites/)

 Search replies:

## Forum Replies Created

Viewing 1 replies (of 1 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[W3 Total Cache] [Plugin: W3 Total Cache] W3 total cache and security](https://wordpress.org/support/topic/plugin-w3-total-cache-w3-total-cache-and-security/)
 *  [walied](https://wordpress.org/support/users/walied/)
 * (@walied)
 * [14 years, 5 months ago](https://wordpress.org/support/topic/plugin-w3-total-cache-w3-total-cache-and-security/#post-2418608)
 * I’m facing the same issue, spamming link such as posting in comments was posted
   below the header of my site, when search for them through ssh I found them in
   public_html/wp-content/w3tc/pgcache/6/a/c/6ac2c5172bd2c18d7c9ff26a128d6c11
    When
   I disable the w2tc pluging they go, when I enable it they come in the same place
   content/w3tc/pgcache/6/a/c/6ac2c5172bd2c18d7c9ff26a128d6c11
 * when I run the exploid scanner this was the comment regarding w2tc
 * wp-content/plugins/w3-total-cache/lib/JSON.php:22
    Often used to execute malicious
   code * Javascript, and can be directly eval()’ed with no further parsing wp-content/
   plugins/w3-total-cache/lib/Microsoft/WindowsAzure/Credentials/CredentialsAbstract.
   php:111 Used by malicious scripts to decode previously obscured data/programs
   $this->_accountKey = base64_decode($accountKey); wp-content/plugins/w3-total-
   cache/lib/Microsoft/WindowsAzure/Credentials/CredentialsAbstract.php:135 Used
   by malicious scripts to decode previously obscured data/programs $this->_accountKey
   = base64_decode($value); wp-content/plugins/w3-total-cache/lib/Microsoft/WindowsAzure/
   Storage/Queue.php:467 Used by malicious scripts to decode previously obscured
   data/programs base64_decode((string)$xmlMessages[$i]->MessageText) wp-content/
   plugins/w3-total-cache/lib/Microsoft/WindowsAzure/SessionHandler.php:150 Used
   by malicious scripts to decode previously obscured data/programs return base64_decode(
   $sessionRecord->serializedData); wp-content/plugins/w3-total-cache/lib/Minify/
   FirePHP.php:1035 Often used to execute malicious code * Javascript, and can be
   directly eval()’ed with no further parsing wp-content/plugins/w3-total-cache/
   lib/Nusoap/class.soapclient.php:711 Often used to execute malicious code eval(
   $evalStr); wp-content/plugins/w3-total-cache/lib/Nusoap/class.soapclient.php:
   713 Often used to execute malicious code eval(“\$proxy = new nusoap_proxy_$r(”
   wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:4047 Often used to execute
   malicious code ug(‘in invoke_method, calling function using eval()’); wp-content/
   plugins/w3-total-cache/lib/Nusoap/nusoap.php:4051 Often used to execute malicious
   code #039;in invoke_method, calling class method using eval()’); wp-content/plugins/
   w3-total-cache/lib/Nusoap/nusoap.php:4054 Often used to execute malicious code
   9;in invoke_method, calling instance method using eval()’); wp-content/plugins/
   w3-total-cache/lib/Nusoap/nusoap.php:4073 Often used to execute malicious code
   [@eval](https://wordpress.org/support/users/eval/)($funcCall); wp-content/plugins/
   w3-total-cache/lib/Nusoap/nusoap.php:7020 Used by malicious scripts to decode
   previously obscured data/programs return base64_decode($value); wp-content/plugins/
   w3-total-cache/lib/Nusoap/nusoap.php:7867 Often used to execute malicious code
   eval($evalStr); wp-content/plugins/w3-total-cache/lib/Nusoap/nusoap.php:7869 
   Often used to execute malicious code eval(“\$proxy = new nusoap_proxy_$r(” wp-
   content/plugins/w3-total-cache/lib/Nusoap/class.soap_parser.php:504 Used by malicious
   scripts to decode previously obscured data/programs return base64_decode($value);
   wp-content/plugins/w3-total-cache/lib/W3/PgCache.php:1284 Often used to execute
   malicious code $result = eval($code); wp-content/plugins/w3-total-cache/pub/js/
   metadata.js:92 Often used to execute malicious code data = eval(“(” + data + “)”);
   wp-content/plugins/w3-total-cache/pub/js/metadata.js:99 Often used to execute
   malicious code data = eval(“(” + data + “)”); wp-content/plugins/twitter-tools/
   OAuth.php:202 Used by malicious scripts to decode previously obscured data/programs
   $decoded_sig = base64_decode($signature);
 * Now when you go to you wp-include there would be a file called wp-image.php that
   file was included in the general-template.php
 * (@include “wp-image.php”;)
 * Solution : delete the (@include “wp-image.php”;) . Then delete the entire wp-
   image.php file
 * The wp-image.php is not a wp original file, it is encrypted, calles these spamms
   from other site and prevent to display them from regular users. I would probably
   got their because of w3tc pluging or any other plugin.
 * I hope this is helpful for someone

Viewing 1 replies (of 1 total)