BulkseoRow.php malware issue

Resolved catwingz
(@catwingz)

1 year, 3 months ago

Hi, The website is hidden behind a coming soon page so you probably won’t be able to check anything.

The site is hosted with Dreamhost. We just received the following notice: ”

We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts.

The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

/home/dh_ase77g/xxx.com/wp-content/plugins/squirrly-seo/view/Assistant/BulkseoRow.php “

If I delete it will it be missed? What action should I take?

Thank you

The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Support Peter
(@petersquirrly)

1 year, 3 months ago

👋Hi,

Thank you for reaching out.

What we recommend is to install Wordfence and do a PHP integrity scan.

The file can be found directly on WordPress and does not contain malware.
https://plugins.svn.ww.wp.xz.cn/squirrly-seo/trunk/view/Assistant/BulkseoRow.php

It’s probably a breach in the website and malware has infected several files.

With Wordfence you will be able to identify and clean the files.

After the site is clean, we also recommend our security plugin WP Ghost for Hack Prevention so that it doesn’t happen again in the future.

Thread Starter catwingz
(@catwingz)

1 year, 3 months ago

@petersquirrly , Wordfence is already installed and I think it missed this. It is my understanding that the php integrity scan you suggest is part of Wordfence’s regular scan. Dreamhost spotted it and disabled the bulkseorow.php file.

I intend to delete the file. Should I delete and reinstall Squirrly? Or will the file not be missed?

Thank you

Plugin Support Peter
(@petersquirrly)

1 year, 3 months ago

The file shouldn’t be removed but rather cleared out with Wordfence.

Also, we don’t recommend deleting Squirrly SEO as all the data will be lost and you will have to add it again.

The best way to go about it is to use Wordfence to find the corrupted files and fix them instead of deleting.

Thread Starter catwingz
(@catwingz)

1 year, 3 months ago

@petersquirrly Wordfence doesn’t even see the file because of the blocking placed on it by Dreamhost. It’s not even possible to open it with the file editor for review.

Since the site is hidden behind a “coming soon” page there really isn’t any data to save. Unless you have an alternate suggestion I think the delete/reinstall strategy is the only path open to us.

Thank you

Plugin Support Peter
(@petersquirrly)

1 year, 3 months ago

Please go to Squirrly SEO > Import & Data > Rollback Plugin > Reinstall Current Version and give it another try. Let’s see if this helps.

Thread Starter catwingz
(@catwingz)

1 year, 3 months ago

That’s a great feature. It appears to have solved the problem. Dreamhost has now whitelisted the file. Thanks for your help.

Fyi, I thought I would give WP Ghost a try but it’s not getting off to a good start. Yet another support thread…

Plugin Support Peter
(@petersquirrly)

1 year, 3 months ago

Great to hear that it’s working now!

As for WP Ghost, no worries, we are here to help.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘BulkseoRow.php malware issue’ is closed to new replies.