WordPress.org

Ready to get started?Download WordPress

Forums

malicious WP installs? (12 posts)

  1. photocurio
    Member
    Posted 2 years ago #

    I got two suspicious emails last night. Both looked like they were sent by some sort of virus. Both contained only a URL, and both URLs appear to point to a WordPress run site:
    one is here:
    http://flowinmotion.at/wordpress/wp-content/themes/twentyeleven/glkrgw.html?lavb=ezdha.zaif&bmj=urza.dhr&ez=kntz
    the other is here:
    http://annefrank.org.il/wp-content/themes/annefrank.org.il/rowcs.html?dhv=er.mdhmp&rdhy=yu.dh&zfm=yadk

    Naturally is is odd that both URLs go to a non-php page inside the wp-content folder. I thought WP didn't allow access to such files.
    Both URLs seem to re-direct to an innocuous news page.
    Does any one know what's going on?

  2. photocurio
    Member
    Posted 2 years ago #

    BTW, a google search for "glkrgw" (as in the flowinmotion site) turns up many such files, all in wordpress installs.

    Also, I am not associated with flowinmotion.at, nor annefrank.org.

  3. photocurio
    Member
    Posted 2 years ago #

    I thought this might get some response.. compromised WP sites are a problem for all of us.

  4. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    Can you post the URL of your site here?

  5. photocurio
    Member
    Posted 2 years ago #

    My site? why?

  6. photocurio
    Member
    Posted 2 years ago #

    if you do a google search for "glkrgw.html" or "rowcs.html" you will get lots of hits on both, and all files found are in wordpress run sites. These files don't seem to have a legitimate function.

  7. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    My site? why?

    Unless you give your site URL, how do you think someone in the forum can tell you if you are infected or not?

    if you do a google search for "glkrgw.html" or "rowcs.html" you will get lots of hits on both, and all files found are in wordpress run sites

    Are you worried about your site or the sites of others? Do you know there are sites tailored to distribute viruses and for other nefarious activities?

  8. photocurio
    Member
    Posted 2 years ago #

    I am not worried about my own site.

    I'm worried because I got a 2 suspicious emails that sent me 2 URLs, both pointing to wordpress installs. I'm wondering if these are legit plugins, viruses, malicious plugins, or what?

  9. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    I am not worried about my own site.

    Then, are you worried about the sites of others? Is this post to remedy the problems of other sites infected with malware?

  10. photocurio
    Member
    Posted 2 years ago #

    I'm trying to find out if sites that contain "glkrgw.html" or "rowcs.html" in their theme folder are infected. If they are infected, how to protect from such a threat?

    There are many such sites, and little info that I can find.

  11. WPyogi
    Volunteer Moderator
    Posted 2 years ago #

  12. photocurio - The issue is that other people have been infected.

    And ... yes. It happens (sadly) quite often due to myriad reasons. We can't prevent everything. Those people need to clean their servers up.

Topic Closed

This topic has been closed to new replies.

About this Topic