Weird contents of attack-data.php

  • Resolved Phil

    (@pjayo)


    12 months ago

    Hello. I had an outage yesterday. After disabling Wordfence the site came back online.

    looking for recently changed files, I am concerned about the file attack-data.php in /wp-content/wflogs

    which contains this PHP :

    <php? exit(“Access denied”); __halt_compiler(); ?>
    wfWAF^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@??^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$

    —————

    Q) Is this expected please ?

    Q) why is it 40KB too

    Thanks

    Phil

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Phil

    (@pjayo)

    For info. all files in /wflogs

    .htaccess
    GeoLite2-Country.mmdb
    config-livewaf.php
    config-transient.php
    ips.php
    template.php
    attack-data.php
    config-synced.php
    config.php
    rules.php

    Plugin Support wfpeter

    (@wfpeter)

    Hi @pjayo, thanks for reaching out!

    Yes, it is normal for attack-data.php to be 40k in size, regularly updated, and mostly null bytes. It can sometimes present in notepad as whitespace, and may look slightly different in different editors – which might explain the repeated @^ above.

    If you are ever concerned about any files in there, the wflogs folder (or its contents) can be deleted entirely and the plugin will regenerate it within a few minutes.

    Thanks,
    Peter.

    Thread Starter Phil

    (@pjayo)

    Hi Peter. Many thanks for your reassurance and speedy reply.

    Phil

    Plugin Support wfpeter

    (@wfpeter)

    No worries @pjayo – thanks for your response and by all means start up a new topic any time if you have further Wordfence questions in future.

    Peter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Weird contents of attack-data.php’ is closed to new replies.