I would like ask if somebody has same apache log like this
"POST /var/export/wp-sign.php?x=f&f=local.xml&ft=edit&d=%2Fsrv%2Fwww%2Fclients%2Ftest%2Fapp%2Fetc%2F HTTP/1.1" 200 3496 "http://test/var/export/wp-sign.php?x=f&f=local.xml&ft=edit&d=%2Fsrv%2Fwww%2Fclients%2Ftest%2Fapp%2Fetc%2F" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
do you know what is the wp-sign.php?
where can i report something like this plus include the malware file?
thx for help
It looks like an attempt to check if you have a previously seeded malware backdoor and use it to check out your app/etc/local.xml file. Bad news is that the attempt status was 200. So, yeah, wp-sign.php is probably a backdoor and you should get rid of it.