• wasootch

    (@wasootch)


    My webhost just let me know that their scan found these files:

    Maldet Scanner:

    {HEX}gzbase64.inject.unclassed.15 : /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/pbvunwjf/qbpush.php
    {HEX}php.nested.base64.533 : /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/libs/cache.php

    Custom Scanner:

    /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/tmp/qckNh.php
    /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/pbvunwjf/qbpush.php
    /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/libs/cache.php
    /home/partysim/partysimplicity.com/html/wp-content/uploads/wysija/themes/indextheme/maintheme.php

    I think these are all malware and can be safely deleted. There are other .php files in other folders in this themes directory. Can all of these be removed?

    What I find strange is this site:
    https://sitecheck.sucuri.net/

    Is not finding these…

    Any other advice you can give?
    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter wasootch

    (@wasootch)

    My permissions on that uploads folder are 755… just an FYI. I think that is the correct setting?

    I’ve added a .htaccess to that uploads folder that is supposed to disable .php scripts from running as per the advice of a blog post I read.

    Mark Ratledge

    (@songdogtech)

    Carefully follow FAQ – My Site Was Hacked.

    Then take a look at the recommended security measures in Hardening WordPress and Brute Force Attacks.

    Change all passwords. Scan your own PC. Tell your web host you got hacked, and consider changing to a more secure host: Recommended WordPress Web Hosting

    If you can’t do the work yourself, consider looking for a reputable person on freelancing sites such as Elance. (FYI, it’s not a good idea to respond to unsolicited emails from forum users offering to work for you.)

    Thread Starter wasootch

    (@wasootch)

    But what I’m wondering mostly is are these particular files needed? I think they are not and are probably Malware…. I just wanted to make sure before I delete them.

    I believe I’m on a reputable host. But perhaps not. It’s been fine up until the latest notification about WordPress having a vulnerability.
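
An added example, not part of any post in this thread: a read-only triage pass that lists every PHP-type file under an uploads tree and notes encoding markers of the kind the scanner names above point to (base64, gz), so flagged files can be reviewed before anything is deleted. The marker patterns, the extension list and the sample tree are constructed assumptions, not maldet's signatures.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: this uploads tree should hold only media and static assets,
# so every PHP-type file found in it is listed for review.
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".phar"}

# Constructed heuristics for encoded or packed PHP; not maldet's signatures.
MARKERS = {
    "eval": re.compile(rb"\beval\s*\(", re.I),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\(", re.I),
    "gz_unpack": re.compile(rb"\bgz(inflate|uncompress|decode)\s*\(", re.I),
    "long_base64_literal": re.compile(rb"[A-Za-z0-9+/]{200,}"),
}

def triage(uploads_root, max_bytes=1_000_000):
    """Return [(relative path, [marker names])] for each PHP file under the root."""
    root = Path(uploads_root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_EXTENSIONS:
            data = path.read_bytes()[:max_bytes]
            hits = [name for name, rx in MARKERS.items() if rx.search(data)]
            findings.append((path.relative_to(root).as_posix(), hits))
    return findings

def build_sample(root):
    """Write a constructed, inert sample tree (the payload is a run of 'A's)."""
    root = Path(root)
    files = {
        "themes/demo/packed.php": b'<?php eval(gzinflate(base64_decode("' + b"A" * 240 + b'")));',
        "themes/demo/index.php": b"<?php // Silence is golden.\n",
        "themes/demo/style.css": b"body { color: #333; }\n",
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    if len(sys.argv) > 1:          # path to a real uploads directory
        results = triage(sys.argv[1])
    else:                          # no argument: run on the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = triage(tmp)
    for rel, hits in results:
        print(f"{rel}\t{','.join(hits) or 'no markers'}")
```

A file listed with no markers is still a PHP file in a directory assumed to hold none, so it is reported rather than skipped.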

The topic ‘Malware’ is closed to new replies.