Title: Malware in /wflogs/attack-data.php?
Last modified: March 20, 2017

---

# Malware in /wflogs/attack-data.php?

 *  [AMX](https://wordpress.org/support/users/lightscapes/)
 * (@lightscapes)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/)
 * Hi,
    My hosting company has informed me that this path contains malware and they
   restricted access to this file. I tried to download it through FTP, I got disconnected
   a few times but finally succeeded.
 * wp-content/wflogs/attack-data.php
 * In Notepad++ this file looks like this:
 * <?php exit(‘Access denied’); __halt_compiler(); ?>
    wfWAF NULNULNULNULNULNULœNULNULNUL…
   and several pages of NULNUL…. Normal Notepad shows empty spaces instead of NUL.
 * I checked the same file on another website and on another host. They are all 
   the same and have 40.083 bytes.
 * Is it a false alarm or something to worry?
    Wordfence hasn’t recorded any admin
   logins from suspicious IPs. My FTP password is long and difficult to brute-force.
    -  This topic was modified 9 years, 2 months ago by [AMX](https://wordpress.org/support/users/lightscapes/).

Viewing 2 replies - 76 through 77 (of 77 total)

[←](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/5/?output_format=md)
[1](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/?output_format=md)
[2](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/3/?output_format=md)
[4](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/5/?output_format=md)
6

 *  [peripateticfrasmotic](https://wordpress.org/support/users/peripateticfrasmotic/)
 * (@peripateticfrasmotic)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/6/#post-8945341)
 * I receibed a follow up email from 1&1 a few hours later saying it was a false
   positive – but I have today received yet another identical notification of a 
   supposed attack.
 *  [wfasa](https://wordpress.org/support/users/wfasa/)
 * (@wfasa)
 * [9 years, 2 months ago](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/6/#post-8947746)
 * Thanks for the updates everyone. Glad to hear it sounds like your scans are working
   now as well.
 * For people just arriving to this thread: A false positive warning was sent out
   from 1&1 to customers regarding the Wordfence file attack-data.php. They also
   changed permissions on this file. Everything was looking like it was fixed for
   a while, then it appears that 1&1 accidentally sent out the incorrect warning
   again by accident.
 * If you are not having any issues with Wordfence, you can ignore the warning from
   1&1 regarding attack-data.php. If you are having issues, check with 1&1 to verify
   that permissions on the file has been restored. If you at this point continue
   having issues, you can try deleting wflogs folder in wp-content and let it be
   recreated. PLEASE NOTE that this will completely reset your Firewall. If that
   doesn’t help, please type up a summary of your issues and post a new thread here
   in the support forum.
 * Thanks!

Viewing 2 replies - 76 through 77 (of 77 total)

[←](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/5/?output_format=md)
[1](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/?output_format=md)
[2](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/2/?output_format=md)
[3](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/3/?output_format=md)
[4](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/4/?output_format=md)
[5](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/5/?output_format=md)
6

The topic ‘Malware in /wflogs/attack-data.php?’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 77 replies
 * 32 participants
 * Last reply from: [wfasa](https://wordpress.org/support/users/wfasa/)
 * Last activity: [9 years, 2 months ago](https://wordpress.org/support/topic/malware-in-wflogsattack-data-php/page/6/#post-8947746)
 * Status: not resolved