Wordfence erkennt potentielle Malware!

Hallo Leute!


Der letzte Wordfence-Scan berichtet mir folgende Warnungen:

[h=2]File appears to be malicious: wp-admin/includes/network.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wp-admin/includes/network.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Not a core, theme or plugin file.[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]16 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "\x65\x76\x61\x6C\x28".

​

[h=2]File appears to be malicious: wp-admin/network/system.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wp-admin/network/system.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Not a core, theme or plugin file.[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]16 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "\x65\x76\x61\x6C\x28".





[h=2]File appears to be malicious: wp-admin/sapatani.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wp-admin/sapatani.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Not a core, theme or plugin file.[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]16 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: "\x65\x76\x61\x6C\x28".



[h=2]This file may contain malicious executable code: /data/web/e40673/html/apps/wordpress-16948/wpinstall - Copy.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wpinstall - Copy.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Not a core, theme or plugin file.[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]16 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.



[h=2]WordPress core file modified: wp-includes/version.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wp-includes/version.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Core[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]17 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.



[h=2]WordPress core file modified: wp-config-sample.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]wp-config-sample.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Core[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]18 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.



[h=2]WordPress core file modified: index.php[/h]
[TABLE="class: wfIssue"]
[TR]
[TH]Filename:[/TH]
[TD]index.php[/TD]
[/TR]
[TR]
[TH]File type:[/TH]
[TD]Core[/TD]
[/TR]
[TR]
[TH]Issue first detected:[/TH]
[TD]18 mins ago.[/TD]
[/TR]
[TR]
[TH]Severity:[/TH]
[TD]Critical[/TD]
[/TR]
[TR]
[TH]Status[/TH]
[TD] New [/TD]
[/TR]
[/TABLE]
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.





Ich nehme an, dass die letzten drei eher wurscht sind, ich denke, das liegt wohl an den Firewall- und Hardening-Einstellungen, die ich bisher vorgenommen habe. Die ersten vier bereiten mir mehr Sorgen...
Was ist eure Meinung dazu?

Danke, LG