Site continually breached
-
My site is continually being breached and I cannot determine how to stop it.
Today I did some deeper digging and I see that there have been changes to a number of files e.g. wp-includes/class-wp.php wp-includes/post.php
That reference about_.php
That file contains some code which is encoded – now deleted
The log files show this
131.72.138.40 – – [23/Mar/2016:14:22:18 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 302 232
131.72.138.40 – – [23/Mar/2016:14:22:18 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 200 12
131.72.138.40 – – [23/Mar/2016:14:22:18 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 302 232
131.72.138.40 – – [23/Mar/2016:14:22:18 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 200 52
185.82.202.173 – – [23/Mar/2016:14:23:17 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 302 232
185.82.202.173 – – [23/Mar/2016:14:23:17 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 200 12
185.82.202.173 – – [23/Mar/2016:14:23:17 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 302 232
185.82.202.173 – – [23/Mar/2016:14:23:17 +0000] “POST /wp-admin/user/about_.php HTTP/1.0” 200 50How on earth has someone been able to create this file??? Is it a permissions issue?
The topic ‘Site continually breached’ is closed to new replies.