Suspicious files

  • Resolved johnmandarine

    (@johnmandarine)


    4 years, 1 month ago

    Hello,

    Several day ago, your scanner found an hide script

    Today I scanned the website and anti-malware found a lot of files. For example :

    – wp-content/plugins/sitepress-multilingual-cms/classes/support/class-wpml-support-info-ui.php (PHP.eval.extASCII)
    – wp-content/plugins/sitepress-multilingual-cms/locale/sitepress-vi.mo (PHP.eval.extASCII)
    -wp-content/themes/Divi/includes/builder/scripts/ext/jquery.tablesorter.min.js (PHP.eval.extASCII)
    – wp-content/nfwlog/cache/backup_1603432466_5f9270121f7312.24430599.php (WordPress.instagram.backdoor)
    – e-commerce/js/jquery/plugins/jqzoom/jquery.jqzoom.js (PHP.eval.extASCII)

    Do you think we are infected ? And what can I do to secure the website ? (We have Ninjafirewall)
    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    They all look like false positives. We uploaded some new signatures yesterday and one of them (PHP.eval.extASCII) is throwing too many false positives with some plugins. We have updated the signatures just now. Try to scan your site again in approximately one hour, the plugin will refresh its signatures list and the warning should go away.
    Also, I recommend to add /nfwlog/ to NinjaScanner’s “Ignore files/folders” list in the “Settings” tab, because if you scan NinjaFirewall’s logs, you will likely get some warning as they contain blocked threats which may trigger the antimalware.

    Thread Starter johnmandarine

    (@johnmandarine)

    All is ok now !

    Many thanks for you help

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Suspicious files’ is closed to new replies.