I have a unique issue, where I notice weird folders are in my WP installation.
Can you provide some (weird) folder name examples ?
Anyway sometimes the Hosting Control Panel software (like Plesk) creates folders/files. Nothing weird usually but it’s worth contacting your hosting and hear what they have to say.
To prevent any confusion, I’m not iThemes.
Hi @nlpro
The files name are below:
/file/password/index.php
/file/style.css
/file/index.php
/file/send.php
/file/error_log
/file/Docusign200002.zip
/file1/password/index.php
/file1/style.css
/file1/index.php
/file1/send.php
It’s appearing after a lockout notification.
I need help
Ok, and can you post what is in the /file/password/index.php and /file/send.php files ?
-
This reply was modified 5 years, 6 months ago by
nlpro.
Hi @nlpro
I deleted the files,
After this files appear my site, It was blacklisted in Phishtank,
I remove those and it was whitelisted.
Every time this file appears, I can see series of lockout reported
by iThemes, but the files are not logged in iThemes.
I’m looking for ways to prevent hackers
to drop files in my WP core folder.
Thank you
-
This reply was modified 5 years, 6 months ago by
spanizhfly.
Yes, that file certainly looks malicious.
The iThemes Security plugin is just a tool to strenghten your WordPress site security. Using it is no guarantee your site will never get infected.
For example, if you decide to install a nulled (premium) plugin from a questionable source, chances are it will infect your site with malware.
Please don’t misunderstand, I’m not saying you did this. It’s just an example.
But it is an example, where running the iTSec plugin will not prevent your site from getting infected. There are plenty more examples out there.
Read the FAQ My site was hacked post on ww.wp.xz.cn. It might help you. Good luck;-)
If you require no further assistance please mark this topic as resolved.
Hi @nlpro,
I’m still stuck,
I have to daily go and delete the file manually.
of course i’m not using a null version, that more risky
than anything else on the planet but I do understand your point of view.
Do you have any idea, that I can block hacker from inserting files on the main Wp folder?
Please do advice or I really need help
What you need is assistance in analyzing/cleaning a hacked site. But that’s not what this iTSec plugin forum is for.
So follow the recommendations in the FAQ My site was hacked post on ww.wp.xz.cn … or contact a company specialized in cleaning hacked sites. Through log analysis they will probably be able to identify the vulnerability which allows the hacker to re-infect the site.
These are highly specialized skills you won’t find in this forum.
I hope this helps you get back on track ;-j
