Wordfence gave new issues on old files…

  • Resolved zampai

    (@zampai)


    8 years, 8 months ago

    Hello,

    This morning I was frightened by wordfence because it pointed out some issues concerning old files on my FTP : last modified dat : 2014-08.
    Wordfence is running on my website since more than one year. Why it did not found theses malicious files before?
    In order to reassure bloggers, it would be nice if Wordfence gives us a kind of “last accessed date to this file”. Because it is possible that these files are just “slipping” there, left behind after an old infection.
    Thx.

    File appears to be malicious: xxxx/wp-index.php
Filename:	xxxxx/wp-index.php
File type:	Not a core, theme or plugin file.
Issue first detected:	5 hours 2 mins ago.
Severity:	Critical
Status	New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "$home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win')". The infection type is: G45 - Basic Backdoor

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi zampai,

    It is hard to know exactly why Wordfence found the issue based on the given information. However, it is very possible that the compromised files are a threat. As a general rule, you should never leave old, unneeded files on your server. Make a backup and store them elsewhere. It is also possible that a hacker could manipulate the create/modify/access dates of a file, depending on the server access they have obtained.

    I will put in a feature request for the “file last accessed” timestamp. I am going to go ahead and mark this thread resolved. But feel free to update with any additional information that might help us troubleshoot.

    Thread Starter zampai

    (@zampai)

    Thanks for your detailed answer.
    In my case I keep some old files on my server since they are many pictures from an old blog.
    My WP was hacked 3 years ago, this is why I have installed wordfence. It seems that it took 3 years for wordfence to find these old malicious files…

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Wordfence gave new issues on old files…’ is closed to new replies.