Possible Vulnerability

Hello @williamews

Thank you for reaching out and I am happy to assist you with this.
The content in the page_enhanced folder is the website pages that are being cached by the W3 Total Cache Page Caching ability.
Those are most certainly not the files/folders W3 Total Cache creates unless those are the names of your website pages.
You should delete the entire page_enhanced folder and switch the caching to Disk: Basic and see if those are still being cached.
Please make sure to share your website URL.

Thanks!

Hi. Thanks for the support!

I have already deleted those folders ending in “php” and the corresponding domain prefix in the W3 Total Cache folder “cache/page_enhanced”.

However, as I mentioned, there are no files or folders in the root and public html folders of the site that confirm that they were cached by W3 Total Cache from the site’s pages… I have even verified and can confirm I could see any pages ending in “php” in the WordPress pages list.

I may be wrong, but I’m afraid this may be a vulnerability in W3 Total Cache plugin… This is clearly a hacking trace or sign… And moreover, after deleting these folders, everyday new folders of that sort are found in the W3 Total Cache folder… I’m wondering where they are coming from and why they are only found in the W3 Total Cache folder “cache/page_enhanced”.

I should also mention that I have added

# Disable PHP File Execution From a Folder
<Files *.php>
deny from all
</Files>

To disable the execution of php file in some directories. So it may be the hackers are attempting to execute some php files and are not able to do so, and they are trying to create folders instead of files.

I would like to hear back from you on this.

Thank you!

Hello @vmarko ? When are you going to respond to this? This issue was not resolved.

Thank you!

• This reply was modified 2 years, 1 month ago by xtensions.