• Resolved wprun

    (@wordpressrun)


    A scan has brought this up:

    Filename: wp-content/wflogs/config-transient.php
    File Type: Not a core, theme, or plugin file from ww.wp.xz.cn.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: XBALTI
    
    The issue type is: Phishing:PHP/xbalti.12091
    Description: Content often seen in phishing infections

    How do I go about finding out if this site is hacked or if it is a false positive?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thanks for reaching out. Can you send a copy of that file to wftest [at] wordfence [dot] com? Add your forum username (@wordpressrun) to the subject line and respond here when you have sent it. We’ll check.

    Tim

    Thread Starter wprun

    (@wordpressrun)

    Sent.

    Subject line: Request to check malicious file config-transient.php

    Thanks for checking.

  • Thanks for your patience while I was sorting this out. XBALTI was found in the file but it was part of a larger obfuscated string.

    This is the part of the string that contains “XBALTI”:

    BBoxLj4FKDMRPQQQAVMHIzFEXXBALTI9WW4laQdDDDAsRAcSbHx8Aw8WRH8dbgouFTkeQAF

    So it seems you are safe and you can choose to ignore this in the scan results. The scan will likely come back clean in the next several scans or the next time that file is updated and the obfuscated string changes.

    Tim
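
The check described in the reply above, as an added example that is not part of the thread and not Wordfence's code: it reports whether a signature string sits inside a long unbroken run of base64-style characters or stands alone as its own token. The function name, the 40-character threshold and the PHP-style sample lines are assumptions made for this example.

```python
import string

# Base64-style alphabet: an encoded blob is a long unbroken run of these.
B64_CHARS = frozenset(string.ascii_letters + string.digits + "+/=")


def classify_matches(text, needle, min_run=40):
    """Return one (offset, run_length, verdict) tuple per occurrence of needle.

    min_run is an assumed threshold: shorter runs look like ordinary words
    or identifiers rather than encoded data.
    """
    results = []
    pos = text.find(needle)
    while pos != -1:
        # Grow the window left and right while the characters stay in the alphabet.
        left = pos
        while left > 0 and text[left - 1] in B64_CHARS:
            left -= 1
        right = pos + len(needle)
        while right < len(text) and text[right] in B64_CHARS:
            right += 1
        run_length = right - left
        verdict = "inside-encoded-run" if run_length >= min_run else "standalone"
        results.append((pos, run_length, verdict))
        pos = text.find(needle, pos + 1)
    return results


# Constructed inputs. The long value is the fragment quoted in the thread;
# the surrounding PHP-style lines are made up for this example.
ENCODED_SAMPLE = (
    "'data' => 'BBoxLj4FKDMRPQQQAVMHIzFEXXBALTI9WW4laQdDDDAsRAcSbHx8Aw8WRH8dbgouFTkeQAF',\n"
)
PLAIN_SAMPLE = '$subject = "XBALTI";\n'

if __name__ == "__main__":
    for label, sample in (("encoded", ENCODED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        for offset, run_length, verdict in classify_matches(sample, "XBALTI"):
            print(f"{label}: offset={offset} run={run_length} -> {verdict}")
```

A hit inside an encoded run only makes a coincidental match more likely; the file still needs to be reviewed, as was done in this thread.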

    Thread Starter wprun

    (@wordpressrun)

    Great, thanks Tim.


The topic ‘Critical Problem’ is closed to new replies.