• Resolved Darryl.R

    (@darrylr)


    Hi there

    After emails not reaching users, my host discovered that its servers were blocked by spamhaus.org.

    They are pointing to the below files being infected.

    /wflogs/ips.php: YARA.eitest_injection_1.UNOFFICIAL FOUND
    /wflogs/attack-data.php: YARA.eitest_injection_1.UNOFFICIAL FOUND
    /wflogs/config.php: YARA.eitest_injection_1.UNOFFICIAL FOUND
    /wflogs/rules.php: YARA.eitest_injection_1.UNOFFICIAL FOUND

    I’ve copied the files for record, but could I just delete these files on the server?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hi Darryl,

    In order to determine for certain whether or not this is a false positive, we would appreciate if you’d archive these files and send them to [email protected] and we’ll let you know if there’s any further cause for concern.

    Thanks!

    Hi Darryl,

    We didn’t find any evidence that those files are infected; however, we were wondering if you could also provide the rules used on your host so we can double-check those as well, just to be on the safe side.

    Thanks!

    Thread Starter Darryl.R

    (@darrylr)

    Hi Wfchar

    My host is determined that we have been hacked – I’ve emailed you another sample of the code with the rules and other files in the directory.

    Thanks

    Thread Starter Darryl.R

    (@darrylr)

    Hi Wfchar

    Please ignore, the host was scanning an old version of the site they had not removed after migrating to a new server.

    Thanks

  • The topic ‘Hacked wflog files?’ is closed to new replies.