• [ Moderator note: moved to Fixing WordPress. ]

    Daily, and sometimes more often, I run a WF scan on my site files and get a warning that reads:

    “File appears to be malicious: /wp-content/cache/log/000000/pagecache.log

    This file has been installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “viagra-online”. The infection type is: Spam:HTML/spamtags. If this file was detected because you have enabled “Scan images, binary, and other files as if they were executable”, which treats non-PHP files as if they were PHP code. This option is more aggressive than the usual scans, and may cause false positives.”

    All of my WP and WF files, themes, plug-ins, etc. are up-to-date and no problems are reported within any of the other site files when a WF scan is run.

    I delete this file, and it comes right back in less than a day.

    What do I need to do to prevent outsiders from injecting this file?

Viewing 1 replies (of 1 total)
  • Moderator t-p

    (@t-p)

    The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

    • Change passwords for all users, especially Administrators and Editors.
    • If you upload files to your site via FTP, change your FTP password.
    • Re-install the latest version of WordPress.
    • Make sure all of your plugins and themes are up-to-date.
    • Update your security keys.
    • See FAQ My Site Was Hacked.

    – Just cleaning out files isn’t enough. When you’re done, you may want to implement some (if not all) of the recommended security measures.
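
Added example, not part of the moderator's reply and not WordPress code: a Python check for the "Update your security keys" step above that flags key and salt constants in `wp-config.php` that are missing, still set to the sample placeholder, short, or reused. The 64-character threshold and the sample config are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The eight key/salt constants WordPress expects in wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 64  # assumed threshold: length of generator-produced values

# Matches an uncommented define('NAME', 'value'); on a single line.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""", re.M)

def audit_keys(config_text):
    """Return {constant: [problems]} for each key that should be replaced."""
    found = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(config_text)
             if m.group(1) in KEY_NAMES}
    reused = {v for v, n in Counter(found.values()).items() if n > 1}
    report = {}
    for name in KEY_NAMES:
        if name not in found:
            report[name] = ["missing"]
            continue
        problems = []
        if found[name] == PLACEHOLDER:
            problems.append("placeholder")
        elif len(found[name]) < MIN_LENGTH:
            problems.append("short")
        if found[name] in reused:
            problems.append("reused")
        if problems:
            report[name] = problems
    return report

# Constructed sample config (filler values, not real keys).
SAMPLE_CONFIG = "\n".join([
    "<?php",
    "define('AUTH_KEY',        'put your unique phrase here');",
    "define('SECURE_AUTH_KEY', 'put your unique phrase here');",
    "define('LOGGED_IN_KEY',   'changeme');",
    "// define('NONCE_KEY',    'commented out');",
    "define('AUTH_SALT',        '" + "x7Q!" * 16 + "');",
    "define('SECURE_AUTH_SALT', '" + "k3#Z" * 16 + "');",
    "define('LOGGED_IN_SALT',   '" + "m9@L" * 16 + "');",
    "define('NONCE_SALT',       '" + "p2$W" * 16 + "');",
])

if __name__ == "__main__":
    for name, problems in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(problems)}")
```

An empty result means all eight constants are present, distinct and long; it does not show that the values were changed after the compromise, so replace them anyway when cleaning up.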

  • The topic ‘pagecache.log file keeps getting replaced with malicious version’ is closed to new replies.