Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • December 22, 2016 at 4:11 pm #727569
    strengthcoaching

    HELP! I’m getting emails from Wordfence that say the following… What do I do and should I be concerned???

    1.
    This email was sent from your website “Strength In Numbers” by the Wordfence plugin.

    Wordfence found the following new issues on “Strength In Numbers”.

    Alert generated at Wednesday 21st of December 2016 at 01:44:15 AM

    Critical Problems:

    * File appears to be malicious: wp-content/wp-zelf.php

    2.
    This email was sent from your website “Strength In Numbers” by the Wordfence plugin.

    Wordfence found the following new issues on “Strength In Numbers”.

    Alert generated at Thursday 22nd of December 2016 at 01:27:18 AM

    Critical Problems:

    * WordPress core file modified: wp-includes/theme.php

    * File appears to be malicious: wp-admin/includes/page.php

    * File appears to be malicious: wp-admin/js/template.php

    * File appears to be malicious: wp-content/plugins/gravityforms/print-entry.php

    * File appears to be malicious: wp-content/plugins/jetpack/class.jetpack.php

    * File appears to be malicious: wp-content/plugins/wordfence/lib/menu_sitePerf.php

    * File appears to be malicious: wp-content/uploads/2014/global.php

    * File appears to be malicious: wp-content/uploads/delightful-downloads/2015/05/index.php

    * File appears to be malicious: wp-includes/SimplePie/Content/sql.php

    * File appears to be malicious: wp-includes/SimplePie/XML/diff47.php

    * File appears to be malicious: wp-includes/images/wlw/template98.php

    * File appears to be malicious: wp-includes/random_compat/test.php

    * File appears to be malicious: wp-includes/theme.php

    Warnings:

    * Unknown file in WordPress core: wp-admin/includes/page.php

    * Unknown file in WordPress core: wp-admin/js/template.php

    * Unknown file in WordPress core: wp-includes/SimplePie/Content/sql.php

    * Unknown file in WordPress core: wp-includes/SimplePie/XML/diff47.php

    * Unknown file in WordPress core: wp-includes/images/wlw/template98.php

    * Unknown file in WordPress core: wp-includes/random_compat/test.php

    December 23, 2016 at 12:31 am #727728
    alibear11

    I know somebody today whose site has been hacked (not a kriesi theme) and if you visit it on a fresh ip it redirects to an amazon gift voucher offer or similar, they also have this file and are in the process of trying to figure out if it’s the problem. It looks like it is.

    Edit – Sorry, I was just talking about the wp-zelf.php, I’m not sure about the others.

    • This reply was modified 7 years, 11 months ago by alibear11.
    December 23, 2016 at 7:18 am #727837
    Rikard

    Hi,

    I looks like your site has been compromised yes, for instance the first file you mentioned is not a WordPress file: wp-content/wp-zelf.php

    Does WordFence have a cleaning service? If so I would try using it.

    Best regards,
    Rikard

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.