Unsafe File Found Today but has Been There for many Months

  • Resolved CGS Web Designs

    (@cgscomputers)


    3 years, 7 months ago

    One of my sites was alerted today that an unsafe file was found, when I checked the file it appears to have been there since last June. The file was a PHP that outputted the document root upon execution – nothing more.

    There were no other findings on my site, even in high sensitivity mode – and I’m pretty sure I put the file there myself back in June while I was confirming my document root for another project.

    My question is why is it just now being discovered? How has Wordfence missed this for 9 months?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @cgscomputers

    This is most likely due to a new signature.

    Plugin Support wfphil

    (@wfphil)

    Hi @cgscomputers

    Also, click on the “DETAILS” button in the scan result and let me know what it says on the line “The issue type is:”

    Thread Starter CGS Web Designs

    (@cgscomputers)

    Thanks for the reply, I forgot the exact verbiage of the details as I’ve already removed the file & rescanned the site so it’s gone. I recreated it and re-ran the scan to get the output details for you (and now I’m pretty convinced I’m the one who put it there because my auto-fill on my browser even remembered the file name when I created a new file).

    The issue type is: IOC:PHP/server.check.10173

    The main question is just why it took so long for Wordfence to alert on it – if it’s the result of a new signature, then that makes sense.

    Plugin Support wfphil

    (@wfphil)

    Hi @cgscomputers

    Thank you for the update.

    That is a new signature that was made available to users of the free version of the plugin on the 4th of April 2021.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Unsafe File Found Today but has Been There for many Months’ is closed to new replies.