Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 7, 2018 at 7:01 pm #969744
    richardwilding

    Dear Kriesi,

    My server administrator has alerted me to suspicious activity in the file “dynamic_avia”

    He says that the server has not been hacked, but that the file has somehow been modified. Do you know what the reason could be and how the file is vulnerable?

    I’m including his report below.

    Thanks, Richard

    AIDE found differences between database and filesystem!!
    Start timestamp: 2018-05-22 03:20:19

    Summary:
    Total number of files: 111858
    Added files: 0
    Removed files: 0
    Changed files: 2

    —————————————————
    Changed files:
    —————————————————

    changed: /var/log/lastlog
    changed: /var/www/wordpress/wp-content/uploads/dynamic_avia

    ————————————————–
    Detailed information about changes:
    —————————————————

    File: /var/log/lastlog
    Mtime : 2018-05-15 16:25:31 , 2018-05-21 16:47:54
    Ctime : 2018-05-15 16:25:31 , 2018-05-21 16:47:54
    MD5 : +RbvgDbCpi6Ko/7eoEuF/w== , ge8keU6MvEkNx4FDyOnqZw==
    SHA256 : QLghCMenXhMfx01lAfjgsh+EchOgeGQS , HiBJ4PEC0SHErgcx+1eIDVapQ/zPEOun

    Directory: /var/www/wordpress/wp-content/uploads/dynamic_avia
    Ctime : 2018-05-15 16:06:44 , 2018-05-21 16:54:53

    June 9, 2018 at 5:19 am #970254
    Rikard

    Hey Richard,

    That file changes when you update Quick CSS or theme styling settings, could that be it maybe?

    Best regards,
    Rikard

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.