Curious about recurring post.php hack | ww.wp.xz.cn

mvidberg
(@mvidberg)

10 years, 6 months ago

I manage a number of WordPress installations and just one of them is continually plagued by the same hacking issue. A file keeps showing up in the root wordpress folder called post.php. It has ownership set the same as my other files, which is www-data:www-data (this is on a debian server). It contains obfuscated PHP code which allows running code from an attacking site. (if you are interested, the code can be seen in this txt file… http://simplemindedme.com/bad-post.txt )

I have changed the password on the wordpress installation as well as my server account. I do not run FTP, only access the site via ssh. I am running wordfence which indicates no issues on the strictest settings. I have run other command line scripts to search for code in image files, again nothing found. I have check all my cron jobs… nothing in there. So my question is, how does this file keep re-appearing?

Viewing 4 replies - 1 through 4 (of 4 total)

Thread Starter mvidberg
(@mvidberg)

10 years, 6 months ago

Should also mention that the site is running the twentyfifteen theme and only 2 plugins, Captcha by BestWebSoft and Wordfence.

mdisch
(@mdisch)

9 years, 11 months ago

Did you find out what caused post.php file re-appearing in the root wordpress folder? I’m having the same issue lately.

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

9 years, 11 months ago

mdisch: please open a new thread for your issue. thanks.

mdisch
(@mdisch)

9 years, 11 months ago

sterndata, the post/question is for mvidberg.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Curious about recurring post.php hack’ is closed to new replies.

Tags

hacked

In: Fixing WordPress
4 replies
3 participants
Last reply from: mdisch
Last activity: 9 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics