WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] 2.8.2 has malware (6 posts)

  1. ginoxy
    Member
    Posted 4 years ago #

    Hi,

    few days ago i tried to post an article and link it to another website and when i clicked on (the link icon) got an RED screen telling me that my site is an attack site and this was from google i believe i link that google reports that it is an attack was this

    http://www.mysite.com/wp-includes/js

    and only "js" !!

    i looked over that folder and found that there was a new folder called "included" and that folder has file called crickweb and that file has many .html .jpeg .gif files !!! which i dont know how that one has been created !!

    i deleted the crickweb file but left the folder (included) there

    so guys do you believe that 2.8.2 has something ?

    and how can i fix this ?

  2. @mercime
    Volunteer Moderator
    Posted 4 years ago #

    It's not WordPress 2.8.2 that has the problem. Someone's hacked/attacked your site and uploaded files to your wp-includes folder.

  3. ginoxy
    Member
    Posted 4 years ago #

    so do i have to remove this "includes" file !!

  4. mrmist
    Forum Janitor
    Posted 4 years ago #

    It's more likely that the hack was introduced before you moved to 2.8.2.

    Check http://codex.wordpress.org/FAQ_My_site_was_hacked

  5. ginoxy
    Member
    Posted 4 years ago #

    does this look okay to you ?
    its from .htaccess

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://mysite.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://webmail.mysite.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://webmail.mysite.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.webmail.mysite.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.webmail.mysite.com$ [NC]
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
    # BEGIN WordPress

    # END WordPress

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    deny from 74.210.4.54

  6. ginoxy
    Member
    Posted 4 years ago #

    i fixed the malware thing just deleted that file "includes" from wp-includes

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.