F0xAutoConfig in wp-admin

  • Resolved ic3maker

    (@ic3maker)


    4 years, 1 month ago

    Hey,
    I recently found the folders ‘F0xAutoConfig’ and ‘F0xAutoConfig404’ in my wp-admin directory, where the latter contains loads of weird subfolders each only containing a .htaccess file. Some of these folders contain the username of the hosting account of my website.
    Does anybody know what this is? Googling ‘F0xAutoConfig’ suggests that this might be related to some malware.. What do you guys think?

    • This topic was modified 4 years, 1 month ago by ic3maker.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    4 years, 1 month ago

    Install the plugin “wordfence” and have it scan your site (including all files). What does it say?

    I definitely seems like a hack. If WordFence agrees, get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter ic3maker

    (@ic3maker)

    4 years, 1 month ago

    Ok, so I tried running Wordfence in high sensitivity mode which unfortunately fails. The standard mode works, however it is not mentioning any issues with the F0xAutoConfig directories. It does complain about php.ini files at unexpected locations in the WP core, though.
    So my idea is to first contact the hoster and see if they maybe know about these files. Otherwise, do you think it is safe to just delete the suspicious stuff?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    4 years, 1 month ago

    Yes, delete suspicious stuff (but backup first). Unless put there by your host, php.ini is not part of WP. Your host might have one php.ini in the WP root directory.

    Thread Starter ic3maker

    (@ic3maker)

    4 years, 1 month ago

    Alright, thanks for helping out!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘F0xAutoConfig in wp-admin’ is closed to new replies.