Plugin Support
wfmark
(@wfmark)
Hi @florismk, Thanks for reaching out.
Are you using any caching plugins on the site? Can you please confirm the plugin and the version you’re on?
There is a high chance that this warning is legitimate as it has been detected by Wordfence. I suspect this may be due to an outdated plugin. Can you confirm that all your plugins are up to date? Sometimes backdoors are unsecured maintenance scripts accidentally left behind after authorized site maintenance.
You can download the highlighted files using FTP or your host’s web-based file manager and send them to [email protected], where our team can inform you whether any action is necessary to resolve the issue. In your email, please include a link to this forum topic so that our team will know you had raised the issue with us.
Please note that when attaching files, ensure that you remove any database access credentials or keys/salts contained inside before sending.
Thanks,
Mark.
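One way to strip database credentials and keys/salts from a PHP file before sending it as a sample, as an added example that is not part of the original thread or Wordfence's own tooling. The helper names (`SECRET_CONSTANTS`, `DEFINE_RE`, `redact_php_secrets`) and the sample file content are constructed for illustration. It only handles literal `define()` calls for the standard WordPress constant names, so the output should still be read through before it is attached.

```python
import re
import sys

# Standard wp-config.php constants holding DB access details and auth keys/salts.
SECRET_CONSTANTS = (
    "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Matches define( 'NAME', 'value' with either quote style; the value may
# contain backslash-escaped quotes.
DEFINE_RE = re.compile(
    r"""(define\s*\(\s*(['"])(?P<name>[A-Z_]+)\2\s*,\s*)"""
    r"""(?P<q>['"])(?P<value>(?:\\.|(?!(?P=q)).)*)(?P=q)""",
    re.DOTALL,
)

def redact_php_secrets(source):
    """Return (redacted_source, names_of_redacted_constants)."""
    redacted = []

    def _swap(m):
        if m.group("name") not in SECRET_CONSTANTS:
            return m.group(0)  # leave unrelated define() calls untouched
        redacted.append(m.group("name"))
        return f"{m.group(1)}{m.group('q')}REDACTED{m.group('q')}"

    return DEFINE_RE.sub(_swap, source), redacted

# Constructed sample input, not taken from any real site.
SAMPLE = r"""<?php
define( 'DB_NAME', 'example_db' );
define( 'DB_PASSWORD', 'p@ss\'word' );
define( "AUTH_KEY", "constructed-key-value" );
define( 'WP_DEBUG_LOG', 'debug.log' );
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    # Usage: python redact.py wp-config.php  -> writes wp-config.php.redacted
    path = sys.argv[1]
    with open(path, encoding="utf-8", errors="replace") as fh:
        cleaned, names = redact_php_secrets(fh.read())
    with open(path + ".redacted", "w", encoding="utf-8") as fh:
        fh.write(cleaned)
    print("Redacted:", ", ".join(names) or "nothing found")
```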
Thread Starter
Floris
(@florismk)
Hi @wfmark, thanks for the prompt reply!
I’m using WP Super Cache on all four of my sites, two of which have now had the same warning from Wordfence. Indeed, the files flagged are in the Super Cache cache folder.
I keep my WordPress installation up-to-date, including my plugins and theme, so all installed files are usually patched to the latest versions.
I’m sending the first two files to Samples, zipped.
Thanks!
Plugin Support
wfmark
(@wfmark)
Hi @florismk, Thank you for getting back to us and sending the files.
Our team will look into them and get back to you in case of any issues.
Good to hear that your plugins are up to date. For versions below 1.8, WP Super Cache had a known vulnerability that has since been patched for versions 1.9 and above as documented here:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-super-cache/wp-super-cache-18-unauthenticated-cache-poisoning
Should you need any further assistance, please create a new topic and we will be happy to help.
Thanks,
Mark.
Thread Starter
Floris
(@florismk)
It was a real infection, and both sites also had suspicious added lines in wp-config.php. All cleaned up now, all passwords changed. Whew.
Plugin Support
wfmark
(@wfmark)
@florismk,
Glad I could be of help. In case you have any other questions, do not hesitate to reach out.
Thanks,
Mark.