Guide on Interpreting a Monitoring Report

A monitoring report is a comprehensive document that provides an overview of changes made to files on your server or user's browser. It is divided into three primary sections: New Files, Changed Files, and Deleted Files. Understanding the report can help you identify potential security risks and take appropriate action.

High-Risk Changes:

High-risk changes refer to modifications made to files that can be executed on the server or user's browser. These files often have extensions such as *.php, *.phtml, *.js, among others. Any unauthorized changes to these files could potentially harm your server, website, or users.

Low-Risk Changes:

Low-risk changes, on the other hand, refer to modifications made to files that pose little to no harm to the server, website, or users. These files typically include *.jpg, *.png, *.css, *.txt, and others.

New Files:

If your report indicates high-risk files in the New Files section, don't panic. Instead, review the files in detail.

Files in cache folders with long filenames, such as /c203d8a151612acf12457e4d67635a95.php or /wp-cache-c203d8a151612acf12457e4d67635a95.php, can be ignored. These are typically the result of your cache plugin's operation.

If you see files like dir.php, xml56.php, adminer.php, etc., you should be concerned. These are likely virus files and need to be analyzed and removed from the server.

New files in folders like /wp-content/plugins/, /components/, /plugins/, etc., and you didn't install any new plugins or update existing ones, could indicate a hacker has access to your admin area. These files need to be reviewed.

A large number of *.html or *.php files in strange folders (not part of your CMS) could suggest someone has uploaded fake pages. These files should be removed.

If you see low-risk files in folders like /upload/, /tmp/, etc., you can ignore this alert. It's likely you uploaded images or other non-threatening files.

Changed Files:

If your report shows high-risk files in the Changed Files section, you need to examine what changes were made.

If you notice changes in template/theme files and you didn't edit your theme files, this could be a cause for concern. It's possible a hacker or virus made these changes, and they need to be analyzed and removed.

If you updated a plugin and received this alert, it's okay. It's a normal part of the update process.

Deleted Files:

This section shows which files have been removed from the server. While viruses typically don't remove files, any strange activity should be analyzed or reported to us.

For users with a Standard, Premium or Business security subscription, our team analyzes all changes in real-time and fixes any issues if necessary. Therefore, no action is required on your part.