Site has suspicious file in all directories .listing

  • Resolved kristinubute

    (@kristinubute)


    2 weeks, 2 days ago

    Hi

    I have a client site that has been running slow and 503 timeouts. Plugins are up to date and WordPress. Didn’t really think it had been compromised but thought I would install your plugin and investigate and scan.

    There was also an obsolete discontinued plugin that I wasn’t aware of. So I have removed that and installed another replacement plugin.

    The scan shows a file .listing in many directories … which shouldn’t be there.

    So when I go into File Manager I see this file that shouldn’t be there.

    So obviously the site has been compromised… maybe because of the discontinued plugin I wasn’t aware of.

    .listing file

    It is in nearly every directory and sub directory. I know I can remove manually that file and will take many hours.

    Is there another way maybe within your plugin to remove this UNWANTED and possibly malicious file in ALL directories?

    Hoping there is an option, otherwise the slow manual way I have already started to delete but thought I would ask.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @kristinubute, thanks for asking about this.

    There is a possibility that wget during FTP transfers is set to create these .listing files, and I think they can also be created from ls commands. Certainly check your settings in case the normal act of uploading and using FTP for the site is the cause.

    They can be an indicator of compromize though which is why they may have been flagged. If you’re not sure, you could send one to our team at samples @ wordfence . com to see if there’s any further action you need to take.

    Many thanks,
    Peter.

    Thread Starter kristinubute

    (@kristinubute)

    Hi

    We have never used FTP for this client site ever.

    What else could be the possible cause? Is there an easy way to REMOVE all these .listing files in every directory?

    Thanks

    Hi @kristinubute,

    If you don’t mind, please allow me to help.

    To remove those .listing files, perform one of the following options:

    1. Contact your host. They should be happy to help you. If not, think twice about retaining them.
    2. Use Filezilla. Highly recommended. To download Filezilla, click here. Concerning your case, please read this link. To obtain/create your Filezilla login credentials, contact your host.

    After cleaning and/or removing those .listing files, clear all cache layers, log into your website in incognito or private mode, then perform another scan using Wordfence.

    If the above was helpful, kindly consider closing this topic as “Resolved.”

    Cheers,

    Note: I’m not affiliated with Wordfence. Simply offering goodwill support.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.