Title: Server malware
Last modified: December 4, 2024

---

# Server malware

 *  [istok](https://wordpress.org/support/users/istok/)
 * (@istok)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/)
 * /wp-content/plugins/cyr-and-lat/connents.php
 * Antimaleware scan shows since weeks an infection
 * **
   SRV
   SMW-INJ-28445-php.bkdr.drpr-1
 * Server malware usually consists of hacker backdoors, web shells, malicious file
   insertions, spam mailers, doorways and hacker tools. It is usually located in
   PHP, PL or Python files.
 * Below connents.php:
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fserver-malware%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Thread Starter [istok](https://wordpress.org/support/users/istok/)
 * (@istok)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/#post-18178887)
 *     ```wp-block-code
       <!--RozblTyG--><?php[Example of obfuscated PHP code]
       ```
   
    -  This reply was modified 1 year, 6 months ago by [Andrew Ozz](https://wordpress.org/support/users/azaozz/).
 *  [neotrope](https://wordpress.org/support/users/neotrope/)
 * (@neotrope)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/#post-18178994)
 * I think you are posting about the *wrong* plugin here, mate.
 *  Thread Starter [istok](https://wordpress.org/support/users/istok/)
 * (@istok)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/#post-18179027)
 * But when looking readme file in this [https://wordpress.org/plugins/cyr2lat/](https://wordpress.org/plugins/cyr2lat/)
   it shows text about classic editor so I thing it is a part of your plugin.
 *  I havent installed such plugin like cyr2lat
 * Or is it a part of wordpress?
 * It isn’t to see as a standalone plugin in admin menu
    -  This reply was modified 1 year, 6 months ago by [istok](https://wordpress.org/support/users/istok/).
 *  Plugin Author [Andrew Ozz](https://wordpress.org/support/users/azaozz/)
 * (@azaozz)
 * [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/#post-18179279)
 * Yea, [@neotrope](https://wordpress.org/support/users/neotrope/) is right. This
   seems to be about the [Cyr to Lat Reloaded](https://wordpress.org/plugins/cyr-and-lat/)
   plugin, or rather about an exploit that was hidden in that plugin’s directory.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Server malware’ is closed to new replies.

 * ![](https://ps.w.org/classic-editor/assets/icon-256x256.png?rev=1998671)
 * [Classic Editor](https://wordpress.org/plugins/classic-editor/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/classic-editor/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/classic-editor/)
 * [Active Topics](https://wordpress.org/support/plugin/classic-editor/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/classic-editor/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/classic-editor/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [Andrew Ozz](https://wordpress.org/support/users/azaozz/)
 * Last activity: [1 year, 6 months ago](https://wordpress.org/support/topic/server-malware/#post-18179279)
 * Status: not a support question