Question about possible malware

I've been watching my 404 errors in Awstats and I've noticed that both "/wp-content/uploads/_input__test.php5" and "/wp-content/uploads/_input__test.php." are returning a 404 once or twice daily. I researched and found these two files are associated with malware. I've searched my database and directories and can find no instance of these 2 files. I'm wondering if anyone could tell me what might be creating these 404s and should I be concerned?

Thanks,
Larry

  • Michael Bissett

    Hey @lbartley, hope you're doing well today! :slight_smile:

    I'm wondering if anyone could tell me what might be creating these 404s and should I be concerned?

    Those files would look to be uploaded by a hacker, and that fact that they are there (or were there, if you're not seeing those files in your uploads folder now) would indeed be a cause for concern.

    One question I'd like to ask here, would you happen to have a security plugin installed on your site? If not, I'd advise installing something like WordFence pronto:

    https://wordpress.org/plugins/wordfence/

    Given the fact that those two .php files were generating 404 errors, it sounds like your permissions need adjusting. I'd want to make sure that files inside of your uploads folder have 644 permissions, that should keep files like those two .php files from executing.

    Hopefully, there's a recent backup on hand as well, as in the worst case scenario, that will need to be used to restore from.

    Let me know if this helps please! :slight_smile:

    Kind Regards,
    Michael

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.