WordPress.org

Ready to get started?Download WordPress

Forums

Malware detected problem in ms-setting.php - Help! (5 posts)

  1. troykd
    Member
    Posted 2 years ago #

    A linux malware detection software (maldet) popped on ms-setting.php

    FILE HIT LIST:
    {HEX}php.cmdshell.Err0R.229 : /home/mysite/public_html/wp-includes/ms-setting.php

    I can't just delete this file right? Could I get help with identifying the offending code.

    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

  2. troykd
    Member
    Posted 2 years ago #

    Here's the code on pastebin

    http://pastebin.com/5JxegnjX

  3. Uh. THAT is wrong.

    Delete the entire wp-includes folder.

    Download a fresh instance of WP here: http://wordpress.org/download/

    Upload that, and then change ALL your passwords.

  4. Ryan Hellyer
    Member
    Posted 2 years ago #

    I suggested deleting your entire install and reinstalling from a backup.

    If it is feasible, then wipe the database clean and reimport using the WordPress importer (scrubs out any potential nasties from the database. If that isn't feasible, then make sure you comb through the database looking for any bad stuff that might be in there.

  5. perezbox
    Member
    Posted 2 years ago #

    Hey torykd

    Make sure you disable PHP execution in your includes folder as well and verify your perms on directories and files.

    Good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic