mc.log file quarantined from folder mc_data

Home Forums BulletProof Security Pro mc.log file quarantined from folder mc_data

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #40671
    AITpro Admin
    Keymaster

    Email Question:

    This file was quarantined. Is the code in the file malicious?

    File name: 41eb2eea8d9d5e83a0550d3eea892fab-mc.log
    Source Path: /home/596777.cloudwaysapps.com/vqsszrxhna/public_html/wp-content/mc_data/41eb2eea8d9d5e83a0550d3eea892fab-mc.log

    bvlogbvlogbvlog:2479:a:15:{s:4:"path";s:12:"/wp-load.php";s:9:"filenames";s:6:"a:0:{}";s:4:"host";s:13:"www.bfghs.org";s:4:"time";i:1629789594;s:2:"ip";s:15:"173.199.118.125";s:6:"method";s:4:"POST";s:12:"query_string";s:1949:"a:28:{s:13:"BODY[apipage]";a:2:{s:4:"size";i:9;s:12:"regular_word";b:1;}s:12:"BODY[b64[0]]";a:2:{s:4:"size";i:6;s:12:"regular_word";b:1;}s:12:"BODY[b64[1]]";a:2:{s:4:"size";i:6;s:12:"regular_word";b:1;}s:11:"BODY[bvb64]";a:2:{s:4:"size";i:4;s:12:"regular_word";b:1;}s:15:"BODY[bvb64resp]";a:2:{s:4:"size";i:4;s:12:"regular_word";b:1;}s:16:"BODY[bvplugname]";a:2:{s:4:"size";i:7;s:12:"regular_word";b:1;}s:12:"BODY[bvprms]";a:2:{s:4:"size";i:1;s:7:"numeric";b:1;}s:17:"BODY[bvprms_bv_1]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_2]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_3]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_4]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_5]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_6]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:17:"BODY[bvprms_bv_7]";a:2:{s:4:"size";i:128;s:12:"regular_word";b:1;}s:15:"BODY[bvprmsmac]";a:2:{s:4:"size";i:40;s:12:"regular_word";b:1;}s:16:"BODY[bvreqmerge]";a:2:{s:4:"size";i:4;s:12:"regular_word";b:1;}s:14:"BODY[checksum]";a:2:{s:4:"size";i:3;s:12:"regular_word";b:1;}s:15:"BODY[concat[0]]";a:2:{s:4:"size";i:6;s:12:"regular_word";b:1;}s:12:"BODY[memset]";a:2:{s:4:"size";i:3;s:7:"numeric";b:1;}s:13:"BODY[sersafe]";a:2:{s:4:"size";i:6;s:12:"regular_word";b:1;}s:14:"BODY[unser[0]]";a:2:{s:4:"size";i:6;s:12:"regular_word";b:1;}s:10:"BODY[wing]";a:2:{s:4:"size";i:4;s:12:"regular_word";b:1;}s:11:"GET[pubkey]";a:2:{s:4:"size";i:32;s:5:"value";s:32:"79f2d3ae70c52315b995dfa7daa5bb66";}s:11:"GET[bvTime]";a:2:{s:4:"size";i:10;s:5:"value";s:10:"1629789594";}s:14:"GET[bvVersion]";a:2:{s:4:"size";i:3;s:5:"value";s:3:"0.1";}s:13:"GET[bvMethod]";a:2:{s:4:"size";i:7;s:5:"value";s:7:"getdata";}s:9:"GET[sha1]";a:2:{s:4:"size";i:4;s:5:"value";s:4:"true";}s:8:"GET[sig]";a:2:{s:4:"size";i:40;s:5:"value";s:40:"999ec351091ba0a46f126b0682e3dd8030dad6e0";}}";s:10:"user_agent";s:100:"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0
    #40672
    AITpro Admin
    Keymaster

    Answer:

    That is not malicious code or hacker code. It is serialized database data from your WordPress database. I assume this is some kind of log file. The mc_data folder is created by the MalCare Security plugin.  So the mc.log file is a log file for that plugin.

    Create an AutoRestore exclude rule at the top of the Quarantine page for this folder: /home/596777.cloudwaysapps.com/vqsszrxhna/public_html/wp-content/mc_data/

    Choose: Exclude a Top Level Folder.
    Copy the folder path into the text box: /home/596777.cloudwaysapps.com/vqsszrxhna/public_html/wp-content/mc_data/
    Click the Exclude Folder|File button.
    Restore the 41eb2eea8d9d5e83a0550d3eea892fab-mc.log file in Quarantine.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.