Malicious Content in File | Installing Church Admin | Support

Support Forum

We use and recommend UK2 for hosting - get a month free

Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register sp_MemberList Members

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Malicious Content in File
16th July 2019
3:04 pm
Avatar
Member
Members
Forum Posts: 60
Member Since:
2nd April 2019
sp_UserOfflineSmall Offline

Hi Andy,

Just thought it worth dropping you a line to say that Wordfence (Premium version) has marked up a file as containing malicious code on my site.

Filename: wp-content/uploads/church-admin-cache/debug_log.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: viagra online

The issue type is: Spam:HTML/spamtags.3942
Description: A spam link known as spamtags

Is this a file I can simply delete? being under /church-admin-cache/ ??

Inspecting the file returns several places where 'viagra' has been inserted. (see below)

Is this simply the remnants of someone trying to register on the site? I've not received any notification of such an attempt to register.

Many thanks,
Kind Regards,
Rich.

=================
Array
(
[save] => yes
=> c285e5b1d1
[_wp_http_referer] => /register/
[new_entry] => yes
[people_id] => Array
(
[0] => 0
)

[first_name1] => buy generic viagra
[middle_name1] => buy generic viagra
[last_name1] => buy generic viagra
[people_order] => 1
[mobile1] => 83651636797
[email1] => gorackedana93@mail.com
[date_of_birth1x] => 1976-11-11
[date_of_birth1] =>
[sex1] => 0
[marital_status1] => 5
[people_type_id1] => 2
[logo1] =>
[attachment_id1] =>
[smallgroup1] =>
[facebook1] => buy viagra online
[instagram1] => buy viagra
[twitter1] => viagra online
[member_type_id1] => Array
(
[0] => 1
)

[site_id1] => 2
[sms_send1] => TRUE
[email_send1] => TRUE
[mail_send1] => TRUE
[gdpr1] =>
[logo] =>
[household_attachment_id] =>
[address] => https://viagraoktobuy.com/
[lat] => -0.148193359375
[lng] => 51.50351129583287
[submit] => Register
)
=================

16th July 2019
6:04 pm
Avatar
Admin
Forum Posts: 675
Member Since:
4th March 2015
sp_UserOfflineSmall Offline

I left debugging on. The debug file in church-admin-cache stores debugging messages. That was someone trying to register on your site as a Viagra salesperson!

If you are finding the plugin useful, please subscribe to the app - it's free for your congregation to use and only £9.99pm for a church subscription

17th July 2019
8:37 am
Avatar
Member
Members
Forum Posts: 60
Member Since:
2nd April 2019
sp_UserOfflineSmall Offline

Thanks Andy... Smile

Forum Timezone: Europe/London

Most Users Ever Online: 35

Currently Online:
1 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

David Z.: 76

Rich Cox: 60

Allen: 51

rrfranks: 40

Gavin: 35

Janeen: 23

365sussex: 21

ehout: 20

Jay Jones: 19

matta: 18

Member Stats:

Guest Posters: 39

Members: 362

Moderators: 0

Admins: 1

Forum Stats:

Groups: 4

Forums: 13

Topics: 431

Posts: 1628

Administrators: andymoyle: 675