About › Support › Installing Church Admin › Malicious Content in File
- This topic is empty.
-
AuthorPosts
-
16th July 2019 at 3:04 pm #2899Rich CoxParticipant
Hi Andy,
Just thought it worth dropping you a line to say that Wordfence (Premium version) has marked up a file as containing malicious code on my site.
Filename: wp-content/uploads/church-admin-cache/debug_log.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: viagra onlineThe issue type is: Spam:HTML/spamtags.3942
Description: A spam link known as spamtagsIs this a file I can simply delete? being under /church-admin-cache/ ??
Inspecting the file returns several places where ‘viagra’ has been inserted. (see below)
Is this simply the remnants of someone trying to register on the site? I’ve not received any notification of such an attempt to register.
Many thanks,
Kind Regards,
Rich.=================
Array
(
[save] => yes
[church_admin_register] => c285e5b1d1
[_wp_http_referer] => /register/
[new_entry] => yes
[people_id] => Array
(
[0] => 0
)[first_name1] => buy generic viagra
[middle_name1] => buy generic viagra
[last_name1] => buy generic viagra
[people_order] => 1
[mobile1] => 83651636797
[email1] => gorackedana93@mail.com
[date_of_birth1x] => 1976-11-11
[date_of_birth1] =>
[sex1] => 0
[marital_status1] => 5
[people_type_id1] => 2
[logo1] =>
[attachment_id1] =>
[smallgroup1] =>
[facebook1] => buy viagra online
[instagram1] => buy viagra
[twitter1] => viagra online
[member_type_id1] => Array
(
[0] => 1
)[site_id1] => 2
[sms_send1] => TRUE
[email_send1] => TRUE
[mail_send1] => TRUE
[gdpr1] =>
[logo] =>
[household_attachment_id] =>
[address] => https://viagraoktobuy.com/
[lat] => -0.148193359375
[lng] => 51.50351129583287
[submit] => Register
)
=================16th July 2019 at 6:04 pm #4291Andy MoyleKeymasterI left debugging on. The debug file in church-admin-cache stores debugging messages. That was someone trying to register on your site as a Viagra salesperson!
17th July 2019 at 8:37 am #4292Rich CoxParticipantThanks Andy…
-
AuthorPosts
- You must be logged in to reply to this topic.