Channel: WordPress.org Forums » All Topics

Unusual error_log entries… Exploit Files trying to run?


Replies: 0

Hi,

I’m getting these really unusual error_logs that I assume are exploit files attempting to run. I’ve searched for all of the locations, but none of the files exist.

My theme files appear to be fine, my plugins appear to be fine and Wordfence shows no issues either.

I tried to use Exploit Scanner, but there are hundreds of lines that use base64_decode and eval. I can’t notice anything that looks odd, but I am not the author of the plugins so I am not sure really.

The site appears to be running fine, with no unusual/unknown files being loaded or anything, so I’m not sure what’s causing the errors you can see below.

[04-Aug-2017 22:33:07 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/bb.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[04-Aug-2017 22:35:58 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/b.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[06-Aug-2017 01:44:20 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/2015/09/new_up.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[06-Aug-2017 06:30:00 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/uploads_.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[06-Aug-2017 06:36:29 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/pdo.inc.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[06-Aug-2017 08:11:03 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/wp-cods.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[06-Aug-2017 08:15:20 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/temp.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[08-Aug-2017 03:55:33 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/Marvins.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 08:15:17 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 08:35:56 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 10:29:29 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 11:29:52 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/2015/09/new_up.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 12:28:18 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 12:28:22 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632

For reference, the WishlistMember function that is running is shown below:

Line 7632 = $mime = mime_content_type($filename);

		/**
		 * GetMimeType
		 *
		 * Retrieves the correct mime type of a file
		 * This function is based on Chris Jean's recommendations:
		 * http://chrisjean.com/2009/02/14/generating-mime-type-in-php-is-not-magic/
		 *
		 * @param string $filename path to file
		 * @return string Mime type (or an empty string if it failed)
		 */
		function GetMimeType($filename) {

			if (file_exists($filename)) {
				/* first, let's see if we can get the mime type using finfo functions */
				if (function_exists('finfo_open') && function_exists('finfo_file') && function_exists('finfo_close')) {
					$finfo = finfo_open(FILEINFO_MIME);
					$mime = finfo_file($finfo, $filename);
					finfo_close($finfo);
					if (!empty($mime))
						return $mime;
				}
			}

			/* next, let's try to retrieve the mime type from our array */
			$mime_types = array(
				'ai' => 'application/postscript',
				'aif' => 'audio/x-aiff',
				'aifc' => 'audio/x-aiff',
				'aiff' => 'audio/x-aiff',
				'asc' => 'text/plain',
				'asf' => 'video/x-ms-asf',
				'asx' => 'video/x-ms-asf',
				'au' => 'audio/basic',
				'avi' => 'video/x-msvideo',
				'bcpio' => 'application/x-bcpio',
				'bin' => 'application/octet-stream',
				'bmp' => 'image/bmp',
				'bz2' => 'application/x-bzip2',
				'cdf' => 'application/x-netcdf',
				'chrt' => 'application/x-kchart',
				'class' => 'application/octet-stream',
				'cpio' => 'application/x-cpio',
				'cpt' => 'application/mac-compactpro',
				'csh' => 'application/x-csh',
				'css' => 'text/css',
				'dcr' => 'application/x-director',
				'dir' => 'application/x-director',
				'djv' => 'image/vnd.djvu',
				'djvu' => 'image/vnd.djvu',
				'dll' => 'application/octet-stream',
				'dms' => 'application/octet-stream',
				'doc' => 'application/msword',
				'dvi' => 'application/x-dvi',
				'dxr' => 'application/x-director',
				'eps' => 'application/postscript',
				'etx' => 'text/x-setext',
				'exe' => 'application/octet-stream',
				'dmg' => 'application/octet-stream',
				'msi' => 'application/octet-stream',
				'ez' => 'application/andrew-inset',
				'flv' => 'video/x-flv',
				'gif' => 'image/gif',
				'gtar' => 'application/x-gtar',
				'gz' => 'application/x-gzip',
				'hdf' => 'application/x-hdf',
				'hqx' => 'application/mac-binhex40',
				'htm' => 'text/html',
				'html' => 'text/html',
				'ice' => 'x-conference/x-cooltalk',
				'ief' => 'image/ief',
				'iges' => 'model/iges',
				'igs' => 'model/iges',
				'img' => 'application/octet-stream',
				'iso' => 'application/octet-stream',
				'jad' => 'text/vnd.sun.j2me.app-descriptor',
				'jar' => 'application/x-java-archive',
				'jnlp' => 'application/x-java-jnlp-file',
				'jpe' => 'image/jpeg',
				'jpeg' => 'image/jpeg',
				'jpg' => 'image/jpeg',
				'js' => 'application/x-javascript',
				'kar' => 'audio/midi',
				'kil' => 'application/x-killustrator',
				'kpr' => 'application/x-kpresenter',
				'kpt' => 'application/x-kpresenter',
				'ksp' => 'application/x-kspread',
				'kwd' => 'application/x-kword',
				'kwt' => 'application/x-kword',
				'latex' => 'application/x-latex',
				'lha' => 'application/octet-stream',
				'lzh' => 'application/octet-stream',
				'm3u' => 'audio/x-mpegurl',
				'man' => 'application/x-troff-man',
				'me' => 'application/x-troff-me',
				'mesh' => 'model/mesh',
				'mid' => 'audio/midi',
				'midi' => 'audio/midi',
				'mif' => 'application/vnd.mif',
				'mov' => 'video/quicktime',
				'movie' => 'video/x-sgi-movie',
				'mp2' => 'audio/mpeg',
				'mp3' => 'audio/mpeg',
				'mp4' => 'video/mp4',
				'mpe' => 'video/mpeg',
				'mpeg' => 'video/mpeg',
				'mpg' => 'video/mpeg',
				'mpga' => 'audio/mpeg',
				'ms' => 'application/x-troff-ms',
				'msh' => 'model/mesh',
				'mxu' => 'video/vnd.mpegurl',
				'nc' => 'application/x-netcdf',
				'odb' => 'application/vnd.oasis.opendocument.database',
				'odc' => 'application/vnd.oasis.opendocument.chart',
				'odf' => 'application/vnd.oasis.opendocument.formula',
				'odg' => 'application/vnd.oasis.opendocument.graphics',
				'odi' => 'application/vnd.oasis.opendocument.image',
				'odm' => 'application/vnd.oasis.opendocument.text-master',
				'odp' => 'application/vnd.oasis.opendocument.presentation',
				'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
				'odt' => 'application/vnd.oasis.opendocument.text',
				'oga' => 'audio/ogg',
				'ogg' => 'application/ogg',
				'ogv' => 'video/ogg',
				'otg' => 'application/vnd.oasis.opendocument.graphics-template',
				'oth' => 'application/vnd.oasis.opendocument.text-web',
				'otp' => 'application/vnd.oasis.opendocument.presentation-template',
				'ots' => 'application/vnd.oasis.opendocument.spreadsheet-template',
				'ott' => 'application/vnd.oasis.opendocument.text-template',
				'pbm' => 'image/x-portable-bitmap',
				'pdb' => 'chemical/x-pdb',
				'pdf' => 'application/pdf',
				'pgm' => 'image/x-portable-graymap',
				'pgn' => 'application/x-chess-pgn',
				'png' => 'image/png',
				'pnm' => 'image/x-portable-anymap',
				'ppm' => 'image/x-portable-pixmap',
				'ppt' => 'application/vnd.ms-powerpoint',
				'ps' => 'application/postscript',
				'qt' => 'video/quicktime',
				'ra' => 'audio/x-realaudio',
				'ram' => 'audio/x-pn-realaudio',
				'ras' => 'image/x-cmu-raster',
				'rgb' => 'image/x-rgb',
				'rm' => 'audio/x-pn-realaudio',
				'roff' => 'application/x-troff',
				'rpm' => 'application/x-rpm',
				'rtf' => 'text/rtf',
				'rtx' => 'text/richtext',
				'sgm' => 'text/sgml',
				'sgml' => 'text/sgml',
				'sh' => 'application/x-sh',
				'shar' => 'application/x-shar',
				'silo' => 'model/mesh',
				'sis' => 'application/vnd.symbian.install',
				'sit' => 'application/x-stuffit',
				'skd' => 'application/x-koan',
				'skm' => 'application/x-koan',
				'skp' => 'application/x-koan',
				'skt' => 'application/x-koan',
				'smi' => 'application/smil',
				'smil' => 'application/smil',
				'snd' => 'audio/basic',
				'so' => 'application/octet-stream',
				'spl' => 'application/x-futuresplash',
				'src' => 'application/x-wais-source',
				'stc' => 'application/vnd.sun.xml.calc.template',
				'std' => 'application/vnd.sun.xml.draw.template',
				'sti' => 'application/vnd.sun.xml.impress.template',
				'stw' => 'application/vnd.sun.xml.writer.template',
				'sv4cpio' => 'application/x-sv4cpio',
				'sv4crc' => 'application/x-sv4crc',
				'swf' => 'application/x-shockwave-flash',
				'sxc' => 'application/vnd.sun.xml.calc',
				'sxd' => 'application/vnd.sun.xml.draw',
				'sxg' => 'application/vnd.sun.xml.writer.global',
				'sxi' => 'application/vnd.sun.xml.impress',
				'sxm' => 'application/vnd.sun.xml.math',
				'sxw' => 'application/vnd.sun.xml.writer',
				't' => 'application/x-troff',
				'tar' => 'application/x-tar',
				'tcl' => 'application/x-tcl',
				'tex' => 'application/x-tex',
				'texi' => 'application/x-texinfo',
				'texinfo' => 'application/x-texinfo',
				'tgz' => 'application/x-gzip',
				'tif' => 'image/tiff',
				'tiff' => 'image/tiff',
				'torrent' => 'application/x-bittorrent',
				'tr' => 'application/x-troff',
				'tsv' => 'text/tab-separated-values',
				'txt' => 'text/plain',
				'ustar' => 'application/x-ustar',
				'vcd' => 'application/x-cdlink',
				'vrml' => 'model/vrml',
				'wav' => 'audio/x-wav',
				'wax' => 'audio/x-ms-wax',
				'webm' => 'video/webm',
				'wbmp' => 'image/vnd.wap.wbmp',
				'wbxml' => 'application/vnd.wap.wbxml',
				'wm' => 'video/x-ms-wm',
				'wma' => 'audio/x-ms-wma',
				'wml' => 'text/vnd.wap.wml',
				'wmlc' => 'application/vnd.wap.wmlc',
				'wmls' => 'text/vnd.wap.wmlscript',
				'wmlsc' => 'application/vnd.wap.wmlscriptc',
				'wmv' => 'video/x-ms-wmv',
				'wmx' => 'video/x-ms-wmx',
				'wrl' => 'model/vrml',
				'wvx' => 'video/x-ms-wvx',
				'xbm' => 'image/x-xbitmap',
				'xht' => 'application/xhtml+xml',
				'xhtml' => 'application/xhtml+xml',
				'xls' => 'application/vnd.ms-excel',
				'xml' => 'text/xml',
				'xpm' => 'image/x-xpixmap',
				'xsl' => 'text/xml',
				'xwd' => 'image/x-xwindowdump',
				'xyz' => 'chemical/x-xyz',
				'zip' => 'application/zip',
				'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
				'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
				'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
				'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
				'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
				'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
				'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
				'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
				'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
				'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12'
			);

			$ext = explode('.', $filename);
			$ext = strtolower(array_pop($ext));
			if (!empty($mime_types[$ext]))
				return $mime_types[$ext];

			/*
			 * last, we try to retrieve it using mime_content_type
			 * Why is this last??? Because it's unreliable...
			 */

			if (function_exists('mime_content_type')) {
				$mime = mime_content_type($filename);
				if (!empty($mime))
					return $mime;
			}

			/* still nothing? we return an empty string */
			return '';
		}
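
Added example, not part of the original post or of the plugin's code: in the function above only the finfo branch is guarded by file_exists(), and neither `php` nor `suspected` is a key in $mime_types, so a lookup for a missing file with such a name falls through to the unguarded mime_content_type() call and logs this warning. The Python script below groups such entries by probed path so recurring names stand out; the sample input is constructed from five entries in the post plus one unrelated notice, and the names `summarize`, `is_script_name` and `SCRIPT_EXT` are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: five entries in the post's format plus one unrelated notice.
SAMPLE_LOG = """\
[04-Aug-2017 22:33:07 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/bb.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[05-Aug-2017 10:00:00 UTC] PHP Notice:  Undefined index: foo in /home/MYHOSTUSERNAME/public_html/wp-content/themes/example/functions.php on line 10
[06-Aug-2017 01:44:20 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/2015/09/new_up.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 08:15:17 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 08:35:56 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/logo_img.php.suspected): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
[09-Aug-2017 11:29:52 UTC] PHP Warning:  mime_content_type(/home/MYHOSTUSERNAME/public_html/wp-content/uploads/2015/09/new_up.php): failed to open stream: No such file or directory in /home/MYHOSTUSERNAME/public_html/wp-content/plugins/wishlist-member/core/PluginMethods.php on line 7632
"""

# Matches only the "missing file passed to mime_content_type()" warning.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+) UTC\] PHP Warning:\s+mime_content_type\((?P<path>.+?)\): "
    r"failed to open stream: No such file or directory in (?P<caller>.+) on line (?P<line>\d+)$"
)
SCRIPT_EXT = {"php", "phtml", "phar"}  # assumption: extensions treated as executable


def is_script_name(path):
    """True if any dot-separated part of the file name is a script extension."""
    parts = path.rsplit("/", 1)[-1].lower().split(".")[1:]
    return any(p in SCRIPT_EXT for p in parts)


def summarize(log_text):
    """Group the warnings by probed path: hit count, first/last seen, flag."""
    seen = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            seen[m["path"]].append(datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"))
    report = [{
        "path": path,
        "hits": len(stamps),
        "first": min(stamps),
        "last": max(stamps),
        "script_in_uploads": "/wp-content/uploads/" in path and is_script_name(path),
    } for path, stamps in seen.items()]
    return sorted(report, key=lambda r: (-r["hits"], r["first"]))


if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        flag = "SCRIPT-IN-UPLOADS" if r["script_in_uploads"] else "-"
        print(f'{r["hits"]:>3}  {r["first"]:%d-%b %H:%M} .. {r["last"]:%d-%b %H:%M}  {flag}  {r["path"]}')
```

The first and last timestamps for each path give the windows to compare against the web server's access log for the same period.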
