Hacker?

  • AxKa

    (@axka)


    12 years, 2 months ago

    We keep finding the file .backup_time in the root of our installation. After being deleted it keeps popping up as soon as the wp index.php is triggered.
    Next to that we have the following string in our wp-database:

    a:9:{s:7:”enabled”;b:1;s:6:”method”;b:1;s:9:”file_list”;a:2:{i:0;s:30:”wp-content/infinitewp/backups/”;i:1;s:12:”.backup_time”;}s:5:”types”;a:6:{i:0;s:4:”.jpg”;i:1;s:5:”.jpeg”;i:2;s:4:”.png”;i:3;s:4:”.log”;i:4;s:3:”.mo”;i:5;s:3:”.po”;}s:5:”email”;b:1;s:5:”split”;b:0;s:12:”notify_admin”;b:0;s:10:”last_chunk”;b:0;s:8:”last_run”;d:1396344213;}

    Does the file.backup_time belong to the iThmes/Better WP Security) installation?

    regards,
    AxKa

    https://ww.wp.xz.cn/plugins/better-wp-security/

Viewing 2 replies - 1 through 2 (of 2 total)
  • darkmatter661

    (@darkmatter661)

    11 years, 10 months ago

    I am also having this issue and can’t figure out if it’s malware or what. My auto backup is OFF for better-wp-security so I don’t know what it is. My guess is it’s part of malware, it’s in every root WP directory and other directories as well. If anyone’s gone through this I’d really appreciate any help! The contents seem to be base64 encoded. I can’t find the script it creates anywhere. I don’t know what to do next.

    [ Moderator note: encoded gobley-gook redacted ]

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    11 years, 10 months ago

    @darkmatter661 Your data and problem are different from the original poster’s.

    Per the forum welcome please post your own topic with your own details.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Hacker?’ is closed to new replies.