Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • July 21, 2021 at 10:11 am #1311085
    chis

    Hey Guys,
    Wordfence has thrown this up at me after a scan and I wondered if it is something malicious or something the theme requires and to be ignored?

    Filename: wp-content/uploads/2016/07/view58.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $GLOBALS[$GLOBALS[‘ra68935’][6].$GLOBALS[‘ra68935’][50].$GLOBALS[‘ra68935’][50].$GLOBALS[‘ra68935’][50].$GLOBALS[‘ra68935’][94].$GLOBALS[‘ra68935’][31].$GLOBALS[‘ra68935’][95].$GLOBALS[‘ra68935’][45]]

    The issue type is: Backdoor:PHP/globals-variant.3750
    Description: A malicious redirect known as doescape

    You can see more from wordfence on the link in private

    Thanks
    Chris

    July 21, 2021 at 10:53 am #1311099
    BigBatT

    Hi @chis,

    Login with FTP to your site account and delete immediately this file:
    wp-content/uploads/2016/07/view58.php

    Then go to your cPanel account, and change all password!!!
    Second scan all entire site from cPanel and remove all malicius files!

    Regards

    July 22, 2021 at 9:03 am #1311384
    Rikard

    Hi Chris,

    Please try deleting the file in question as suggested by @BigBatT, and change all your passwords. If it doesn’t help, the you might need to get your site cleaned by Sucuri or a similar service provider.

    Best regards,
    Rikard

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.