Showing results for 
Search instead for 
Did you mean: 

Magento 1.9 wp-sign.php

Magento 1.9 wp-sign.php

I would like ask if somebody has same apache log like this


"POST /var/export/wp-sign.php?x=f&f=local.xml&ft=edit&d=%2Fsrv%2Fwww%2Fclients%2Ftest%2Fapp%2Fetc%2F HTTP/1.1" 200 3496 "http://test/var/export/wp-sign.php?x=f&f=local.xml&ft=edit&d=%2Fsrv%2Fwww%2Fclients%2Ftest%2Fapp%2Fetc%2F" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"


do you know what is the wp-sign.php?

where can i report something like this plus include the malware file?


thx for help




Re: Magento 1.9 wp-sign.php

It looks like an attempt to check if you have a previously seeded malware backdoor and use it to check out your app/etc/local.xml file. Bad news is that the attempt status was 200. So, yeah, wp-sign.php is probably a backdoor and you should get rid of it.

Tanel Raja