Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #727569

    HELP! I’m getting emails from Wordfence that say the following… What do I do and should I be concerned???

    1.
    This email was sent from your website “Strength In Numbers” by the Wordfence plugin.

    Wordfence found the following new issues on “Strength In Numbers”.

    Alert generated at Wednesday 21st of December 2016 at 01:44:15 AM

    Critical Problems:

    * File appears to be malicious: wp-content/wp-zelf.php

    2.
    This email was sent from your website “Strength In Numbers” by the Wordfence plugin.

    Wordfence found the following new issues on “Strength In Numbers”.

    Alert generated at Thursday 22nd of December 2016 at 01:27:18 AM

    Critical Problems:

    * WordPress core file modified: wp-includes/theme.php

    * File appears to be malicious: wp-admin/includes/page.php

    * File appears to be malicious: wp-admin/js/template.php

    * File appears to be malicious: wp-content/plugins/gravityforms/print-entry.php

    * File appears to be malicious: wp-content/plugins/jetpack/class.jetpack.php

    * File appears to be malicious: wp-content/plugins/wordfence/lib/menu_sitePerf.php

    * File appears to be malicious: wp-content/uploads/2014/global.php

    * File appears to be malicious: wp-content/uploads/delightful-downloads/2015/05/index.php

    * File appears to be malicious: wp-includes/SimplePie/Content/sql.php

    * File appears to be malicious: wp-includes/SimplePie/XML/diff47.php

    * File appears to be malicious: wp-includes/images/wlw/template98.php

    * File appears to be malicious: wp-includes/random_compat/test.php

    * File appears to be malicious: wp-includes/theme.php

    Warnings:

    * Unknown file in WordPress core: wp-admin/includes/page.php

    * Unknown file in WordPress core: wp-admin/js/template.php

    * Unknown file in WordPress core: wp-includes/SimplePie/Content/sql.php

    * Unknown file in WordPress core: wp-includes/SimplePie/XML/diff47.php

    * Unknown file in WordPress core: wp-includes/images/wlw/template98.php

    * Unknown file in WordPress core: wp-includes/random_compat/test.php

    #727728

    I know somebody today whose site has been hacked (not a kriesi theme) and if you visit it on a fresh ip it redirects to an amazon gift voucher offer or similar, they also have this file and are in the process of trying to figure out if it’s the problem. It looks like it is.

    Edit – Sorry, I was just talking about the wp-zelf.php, I’m not sure about the others.

    • This reply was modified 8 years ago by alibear11.
    #727837

    Hi,

    I looks like your site has been compromised yes, for instance the first file you mentioned is not a WordPress file: wp-content/wp-zelf.php

    Does WordFence have a cleaning service? If so I would try using it.

    Best regards,
    Rikard

Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.