Hello,
I’ve recently had a 6 files tagged as malicious by Wordfence, they’re WP-Optimize JavaScript minfied files so not actual php malware scripts.
They were tagged because they contained the string “alexusmailer” which is a mailing script made by a russian guy (which makes this more suspicious)
I’ve done a bit of forensic work on the server as I have access to it but I can’t find anything related to “alexusmailer”. No php file to be seen and I don’t understand the “header: PROCESSED” idea from WP-Optimize or where it got the alexusmailer path from?
All my plugins and Astra theme were up to date with auto-updates, my password had no way of being breached, server has ssh log in with private keys only no password and wordfence didn’t report any logins so unless this was a zero-day exploit I have no clue.
The blurred URL is the website I’m working on, not anything external.
Any idea?
Thank you.
