Hello,
Windows Defender is repeatedly alerting on .tmp files in C:\Windows\Temp. The alerts appear to be for PHP Backdoors and web shells. The files appear to be randomly named, such as ‘php146A.tmp’. I also see a lot of .session files (but I believe they are normal).
I see remote code execution attempts and suspicious POSTs in my IIS web server logs. I’ve scanned my site and don’t see any vulns. Everything should be up to date.
I don’t think anything has actually gotten through to my server. Are these ‘php.tmp’ files normal, as WordPress is always being scanned by bots?