Title: malware Last modified: August 31, 2016 --- # malware * [obertscloud](https://wordpress.org/support/users/obertscloud/) * (@obertscloud) * [10 years, 3 months ago](https://wordpress.org/support/topic/malware-57/) * my internet host 1and1.com is saying the following file * This is an urgent message regarding the security of your website(s) hosted with 1&1 Internet. Our anti-virus scanner has reported that at least one malicious script or file has been uploaded to your web space. * Name and Path to the file: ~/wp-content/plugins/custom-login/includes/admin/tracking. php * To protect you and your site visitors from hacker attacks, our anti-virus scanner checks every file that is uploaded or modified. Malicious files are then disabled automatically. * NOTE: Your website(s) may continue to be attacked until you have taken steps to secure them. This attack may cause irreparable damage to your sites. Our scanner will continue running and will disable any files found to have malicious code. * The intrusion point is either a compromise of one of your passwords or a vulnerability in the software that you have installed. Here are the steps to follow to ward off this attack and restore the security of your site and data: * I had to change all my ftp, my database passwords and everything, not sure why this is listing, do i need this file ? * [https://wordpress.org/plugins/custom-login/](https://wordpress.org/plugins/custom-login/) Viewing 3 replies - 1 through 3 (of 3 total) * Thread Starter [obertscloud](https://wordpress.org/support/users/obertscloud/) * (@obertscloud) * [10 years, 3 months ago](https://wordpress.org/support/topic/malware-57/#post-7100387) * yes bulletproof security plugin also identified this as malicious script, it has security flaws, they were able to use it to upload other .php scripts in my uploads folder, other plugin folders i since removed this plugin from my site until you fix it, * here is the list of the files they created not sure which ip yet but tracking it down. * ./wp-content/plugins/cybersyn/render.php * ./wp-content/themes/twentythirteen/js/view55.php ./wp-content/uploads/2014/07/ code.php ./wp-content/uploads/2012/01/db48.php ./wp-content/uploads/ithemes-security/ backups/info47.php * Plugin Author [Austin](https://wordpress.org/support/users/austyfrosty/) * (@austyfrosty) * [10 years, 3 months ago](https://wordpress.org/support/topic/malware-57/#post-7100521) * That file doesn’t have any upload rights or do anything that would render it malicious. There is a chance that your site was hacked and someone modified that file. * Thread Starter [obertscloud](https://wordpress.org/support/users/obertscloud/) * (@obertscloud) * [10 years, 3 months ago](https://wordpress.org/support/topic/malware-57/#post-7100541) * no hacked said it came from your plugin Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘malware’ is closed to new replies. * ![](https://ps.w.org/custom-login/assets/icon.svg?rev=3077180) * [Custom Login](https://wordpress.org/plugins/custom-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/custom-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/custom-login/) * [Active Topics](https://wordpress.org/support/plugin/custom-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/custom-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/custom-login/reviews/) * 3 replies * 2 participants * Last reply from: [obertscloud](https://wordpress.org/support/users/obertscloud/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/malware-57/#post-7100541) * Status: not resolved