leithcampbell
Forum Replies Created
-
Got a fresh one today: wp-content/wfcache/www.krug.com_
This url appears to be a French champagne company.
Thank you for your suggestions Tim. I have not seen the URL reappear today. The scan as you suggested found one very old perl script in cgi-bin with eval() and base64 in the same line. I deleted that unused file. It also found 2 other files with a similar pattern in an accounting package outside of WP that are part of the commercial distributuion.
WordPress, the theme, and all plugins are completely up-to-date. It’s all just one of those things that make you go hmmmmmmm?
Ooops! The URL directory is back again at 6:49 this morning. They must have been on holiday.
For whatever it’s worth, the suspicious URL’s have not appeared since the day I provided my website address to Tim.
Thank you Tim!
With research, I have found that passiontimes.hk has been under heavy attack by hackers groups. That might explain why this particular url is present, but it doesn’t explain how they are placing it. I also don’t know how it is being used and, frankly, leaves me a little concerned about a security hole in WF.