Malware in Cache File only

  • I have a site where I get a warning roughly every 24 hours about malware being on the site. In looking at the file it is always in the cache file. This is an example of the format, although the actual cached post is always different:

    * File contains suspected malware URL: /home/****/public_html/wp-content/wfcache/*******~~~~_wfcache.html

    Simply clearing the Falcon Engine Cache and rerunning the WF scan will give the site a clean bill of health. I have enabled all of the scanning options and nothing is found. Any ideas?

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter BobIMG

    (@bobimg)

    This issue has been continuing to present itself. The site in question is using the SAICO theme. Because the cache files are always the ones infected, I realized that the threat must be accessing the site externally (not through a backdoor logon, etc.). I found that this theme has a vulnerability which was announced last October. It allows for an arbitrary file upload. We’ll get to work picking out a new theme. Hopefully, WordFence will be able to help catch vulnerabilities such as these in the future (although it is already an amazing plugin!).

    I had the same problem, and the issue was coming from an external link to a hacked website.

    Cheers

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware in Cache File only’ is closed to new replies.