post.php file being added to server

  • Resolved generic0

    (@generic0)


    9 years, 8 months ago

    We discovered recently a file called post.php was being added to the root level (inside public_html) and allowing someone to use the default email account to send spam.

    Wordfence does not alert us to this file when it is added – all options are checked except high intensity, its not a file that should be there.

    We cleaned the site on the 30th, the host scanned the server, all actions suggested to clean and reset everything on the site were taken, virus scans run on users computers.

    The file did not appear for two days… today the post.php file was back on the server. I deleted the file, but have a screen capture of the code if needed.

    Why is Wordfence not detecting this file and what is the next step to get stop this from happening?

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • wfalaa

    (@wfalaa)

    9 years, 8 months ago

    Hi generic0,
    Please make sure you are running the most recent version of WordPress and all your installed plugins are updated to the latest version.

    Also, send this file contents (or screenshot as you mentioned) to “samples [at] wordfence [dot] com” for further investigations.

    Thanks.

    Thread Starter generic0

    (@generic0)

    9 years, 8 months ago

    Thank you, yes everything was the most recent version – with one exception, the wp-config file, even though I “looked” at it, replaced the secret keys, I completely overlooked a malicious script added at the very top of the file. Found that last night and removed it.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘post.php file being added to server’ is closed to new replies.