vornanc
Forum Replies Created
Forum: Fixing WordPress
In reply to: Malicious files keeps coming back over and over again
@marouane91 no worries.
It was an interesting experience if I’m honest. The first time I found out about any kind of malicious files was when they suspended the account. So obviously removed the files straight away, but then they kept coming back, reinstalled the whole site – nothing.
The way their support worked was interesting, getting the first initial response was always pretty much instant, but any subsequent responses took time, hours going up to a day. They claimed that spam emails were being sent out, when I asked for a copy they attached an email from May which was a legitimate email…
Eventually it got to a stage where I’d go up to them saying “Hey, the files are back, can you provide more logs on how they got back” which then as usual they avoid answering the question and suspend the website again…
They had no useful logs other than, we don’t really know how the files got there, it wasn’t via FTP. I’ve even installed a plugin that would log any WordPress activity to see if it logs anything – nothing. So their support was absolutely useless other than suspending the website each time which again was useless. The issue was there but they had nothing that they could help with or provide, me being the final user access to logs is relatively limited.
Hope you get to the bottom of it 🙂
Forum: Fixing WordPress
In reply to: Malicious files keeps coming back over and over again
@marouane91 no worries! Sure thing, I used to be with Siteground before, swapped to Virtono which is a smaller ish Romanian hosting company. Not had any issues, the sites work like charm and are reasonably fast.
Forum: Fixing WordPress
In reply to: Malicious files keeps coming back over and over again
@marouane91 I never managed to get to the bottom of it. I’ve changed the host, not had a single issue since.
Forum: Fixing WordPress
In reply to: Malicious files keeps coming back over and over again
@websprout I have changed all of the FTP passwords twice before, that didn’t seem to have any effect 🙁
@jnashhawkins I’ve sent the link in your direction. I have not tried with iThemesSecurity, but I’ll give it a go and install it to see if it picks up anything.
Post by email is disabled from what I can see, similarly, comments and trackbacks/pings are also disabled. From what I can see it is currently running on PHP 7.1, MySQL server version appears to be 5.6.
All of the security plugins I’ve been using so far flag up the files, Wordfence flags it up as:
The issue type is: Suspicious:PHP/commentencoding.6371
Description: Suspicious comments injected inline into the use of functions to obfuscate behaviour.
Looking at the FTP, the file was uploaded today 07:14, so there is definitely something there which uploads that file through.
I wouldn’t normally involve hosts, I’ve been with 3 different hosts myself, and never had any issues of this kind. In this instance, it’s a family member’s site and I can’t seem to get my head around it 😐
@crouchingbruin thanks for that. I did install that plugin, it seemed to have picked up on the same files Wordfence has. I’ll repair them and leave it active to see if the firewall does its thing.
Although I do have a feeling it might be time to look at different hosts.