How to identify malicious hack access
-
Hi,
I’ve put off updating for too long and am now seeing the consequences. Although to be fair, the power outages here in Senegal are so frequent that I was reluctant to undertake an upgrade at this time.
I noticed today that one of my sites, Ria Galleria, has been hacked.
I’m now backing up all files before upgrading to the latest version of WP.
However, I note that in the wp-content/cache folder, there are a number of suspicious files, named 68ab712425ad6ec9dbbc59ef2d2e10bb.php, for example.
The code for the above example is as follows:
<?php //O:8:"stdClass":24:{s:2:"ID";s:1:"1";s:10:"user_login";s:3:"Ria";s:9:"user_pass";s:32:"1524198ac426cfdb7cb8ee5849ae0160";s:13:"user_nicename";s:3:"ria";s:10:"user_email";s:19:"ria.bacon@gmail.com";s:8:"user_url";s:19:"http://riabacon.com";s:15:"user_registered";s:19:"2005-11-04 17:00:46";s:19:"user_activation_key";s:0:"";s:11:"user_status";s:1:"0";s:12:"display_name";s:3:"Ria";s:8:"nickname";s:3:"Ria";s:13:"wp_user_level";s:2:"10";s:10:"user_level";s:2:"10";s:15:"wp_capabilities";a:1:{s:13:"administrator";b:1;}s:10:"first_name";s:0:"";s:9:"last_name";s:0:"";s:11:"description";s:0:"";s:6:"jabber";s:0:"";s:3:"aim";s:0:"";s:3:"yim";s:0:"";s:12:"rich_editing";s:5:"false";s:14:"user_firstname";s:0:"";s:13:"user_lastname";s:0:"";s:16:"user_description";s:0:"";} ?>
Questions:
How can I be sure that all similar files are malicious? I don’t want to delete anything that should be there.
Will the update simply delete all the malicious files?
Thanks for your advice.
Ria
- The topic ‘How to identify malicious hack access’ is closed to new replies.