Suspicious obfuscated file

  • Resolved mary2867

    (@mary2867)


    2 years, 3 months ago

    For support staff and plugin development

    Since 2 days ago, the Wordfence security plugin shows 10 files corresponding to the cache plugin. The file path is: …/wp-content/cache/object/e08/3ef/e083efa25326a68fa29fccdc12184ef9.php</font></font>

    «This file appears to have been installed or modified by a hacker to perform malicious activity. If you know this file, you can choose to ignore it to exclude it from future analysis. The matching text in this file is: const _0x2ccc2=[‘userAgent’,’\x68\x74\x74\x70

    The type of problem is: Obfuscated:PHP/escape.http.14167

    Bitdefender detects them as: GT:JS.Acsogenixx.46.67F25E39

    ¿What should I do with these files?

    ¿Are they dangerous?

    ¿Can I delete them without damaging my website?

    Thank you,

    Mary

    • This topic was modified 2 years, 3 months ago by mary2867.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    2 years, 3 months ago

    Hello @mary2867

    Thank you for reaching out and I am happy to help!
    This is most likely a false positive. The W3 Total Cache only caches those objects.
    However, you can delete this file or better the entire /object/ folder from the /cache/ folder and see if the problem persists (don’t worry, the files will be re-generated)

    As a rule of thumb, it’s not recommended to use the Disk method for Object Caching so I would advise disabling OC or using memory-based caching like Redis or Memcached.

    Thanks!

    Thread Starter mary2867

    (@mary2867)

    2 years, 3 months ago

    Hello support team

    The problem has been solved with the indications you have given us.

    We have disabled the OC and Wordfence no longer detects threats. Now the page works properly.

    Thank you for your help.

    • This reply was modified 2 years, 3 months ago by mary2867.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Suspicious obfuscated file’ is closed to new replies.