• Hello to all,

    A couple of my WordPress sites have been running with some problems in the last two months. I can see problems here and there in the frontend, and when I connect with FTP I see changes to my folders and files.

    Most often the changes are visible in the form of new folders created in the WordPress root directory. The folders are mostly named “articles1” and “articles2” and have dozens of subfolders inside. Inside the folders are files named index.html/index.php, and from the content of those files I can see the malware is related to SEO because they have titles like “cheap bags” and link to external sites.

    What I don't get is how the attacker is breaking my installation. From the logs I have seen that an outdated Revolution Slider was often the problem, but now it is updated and I am seeing malware again.

    I am running a classic cPanel Linux server, and it's updated.

    A couple of questions for anyone who can perhaps help:

    #1 Are there any good limitations on the server side I can create to disable the problems, e.g. .htaccess or cPanel settings?

    #2 Has anyone had similar problems to this? What were the solutions?

    #3 If I update WordPress to the latest version, and update all of my plugins to the latest version – can an attacker still come in, where and how?

    #4 Are there any other recommendations / plugins / settings for this specific kind of problem?

    I thank you all in advance,

    Josip

Viewing 3 replies - 1 through 3 (of 3 total)
  • often outdated Revolution slider was the problem

    I do not have that installed, but I do see a lot of hits at my own sites where ‘bots are trying to do things by accessing that.

    #1 Are there any good limitations on the server side…

    #3 If I update WordPress to the latest version, and update all of my plugins to the latest version – can an attacker still come in, where and how?

    #4 Are there any other recommendations / plugins / settings for this specific kind of problem?

    Updating everything WordPress can help reduce known vulnerabilities, but that neither “hardens WordPress” nor provides actual server-level security. I do not know all the fine details of exactly what is being done where, but here in my own order of priority is what I have in place and I never have any intrusions:

    1. BulletProof Security exclusively handling all .htaccess
    2. Wordfence Security throttling aggressive traffic and also doing whatever else it does
    3. NinjaFirewall stopping certain traffic before it ever even gets to WordPress

    Thread Starter kashmirs22

    (@kashmirs22)

    It would still be pretty useful to know exactly what is going on, and what type of problem this is. I am not clear whether it is a hacker (a person), a script running on the server, or something else.

    I also wonder whether the script can act and exploit one installation and then affect the others.

    I just saw that this script was inserted in the footer on one of my WordPress sites http://adahb.org/pollen/lib/files/utils/notify.js

    Still looking for more information, if anyone has something useful – thanks in advance

    Josip

    I just saw that this script was inserted in the footer on one of my WordPress sites http://adahb.org/pollen/lib/files/utils/notify.js

    Hello, I have the same problem on my web page, did you manage to solve this problem? I'm looking to begin somewhere in searching for how this code made it into my web page.

    Thanks


The topic ‘Malware security problems’ is closed to new replies.
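
A triage check for the two indicators described in this thread (unexpected folders full of index.html/index.php pages in the WordPress root, and a script tag loading from an external host in the footer), added here as an example and not code from any poster. The function names, the `min_pages` threshold and the restriction to theme files are assumptions made for illustration.

```python
import os
import re
import sys

CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}   # top-level dirs shipped by WordPress
INDEX_NAMES = {"index.html", "index.php"}
# Captures the host of any <script src="http(s)://host/..."> or protocol-relative URL.
SCRIPT_SRC = re.compile(rb'<script[^>]+src=["\'](?:https?:)?//([^/"\']+)', re.I)


def doorway_dirs(wp_root, min_pages=5):
    """Map each non-core top-level directory to its index.html/index.php count.

    Only directories with at least min_pages such files are returned
    (threshold is an assumption; the thread mentions dozens of subfolders).
    """
    hits = {}
    for entry in os.scandir(wp_root):
        if entry.name in CORE_DIRS or not entry.is_dir(follow_symlinks=False):
            continue
        pages = sum(1 for _, _, files in os.walk(entry.path)
                    for name in files if name in INDEX_NAMES)
        if pages >= min_pages:
            hits[entry.name] = pages
    return hits


def external_scripts(wp_root, own_hosts):
    """List (relative file, host) for script tags in theme files that load
    from a host not in own_hosts. Injections stored in the database are not seen."""
    found = set()
    themes = os.path.join(wp_root, "wp-content", "themes")
    for dirpath, _, files in os.walk(themes):
        for name in files:
            if not name.endswith((".php", ".html", ".htm")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                for raw in SCRIPT_SRC.findall(fh.read()):
                    host = raw.decode("ascii", "replace").lower()
                    if host not in own_hosts:
                        found.add((os.path.relpath(path, wp_root), host))
    return sorted(found)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    allowed = {h.lower() for h in sys.argv[2:]}   # hosts you expect, e.g. your own domain
    for name, count in sorted(doorway_dirs(root).items()):
        print(f"suspicious directory: {name} ({count} index pages)")
    for rel, host in external_scripts(root, allowed):
        print(f"external script: {rel} loads from {host}")
```

Run it with the WordPress root as the first argument and the hosts you legitimately load scripts from as the remaining arguments; anything it prints is a lead to review by hand, not proof of compromise.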