Hi All, my firewall flagged a s2member file, is this an error or legit?
Details
wp-content/plugins/s2member-logs/wp-http-api-debug-ARCHIVED-02-15-2019-1550239569.log
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: onfr64_qrpbqr
I found a link talking about the backdoor text
onfr64_qrpbqr
Hi Sarah.
That’s one of the s2Member log files. WP Admin > s2Member > Log Files
You can remove those from the server. Log files won’t be executed, unless you have your server set to parse them as PHP? But where in that file is that string? Probably as part of something else in the file. I’m just guessing that it may only be a very unusual coincidence? In any case, you can simply remove the log file, and just back them up elsewhere, but basically delete them from the server when you’re done using them.
Does that help? 