deploy.wpfcc.13277

  • Resolved robertvg

    (@robertvg)


    2 years ago

    We maintain a site where every night a suspicious file is created with hacktool deploy.wpfcc.13277. After removal the php file is created again.
    How can we log or see from what ip addres(ses) this file is created so that we can block these ip addresses?
    And can we block access to specific files? I only see by ip address, hostnames, user agent, referrer.

Viewing 1 replies (of 1 total)
  • wfjoshc

    (@wfjoshc)

    Hi @robertvg

    Thanks for reaching out!

    You can check Live Traffic to see if this file is being uploaded through a file upload plugin if you have one.

    If you dont, or you dont see anything, then it appears you were breached through some other mean.

    Wordfence cannot detect when someone accesses your site through another plugin vulnerability, or if the file was uploaded through the database or cPanel.

    You are able to block access to certain URLs, that should be an option.

    I hope this helps to clarify.

    Thanks,

    Joshua

Viewing 1 replies (of 1 total)
  • The topic ‘deploy.wpfcc.13277’ is closed to new replies.