PHP files getting deleted

  • sanjeev1

    (@sanjeev1)


    9 years, 1 month ago

    My site went down few weeks ago, got it restored from an older backup (hopefully clean backup), deleted all FTP users, installed Wordfence plugin, blocked all Russian IP’s, scanned and cleaned/deleted all the files Wordfence scan listed over the past week, fixed file permissions (some were 755, made them 644).

    A few days back the site crashed with error showing a missing file. Uploaded that file from backup and it showed another file was missing. Uploaded 2nd file from backup and site came back up running. Spoke to HostGator (host company) and was told hackers can delete files as well.

    Yesterday again one of the plugin files was deleted/missing. Uploaded the missing file and site came back up running.

    1. Can hackers delete PHP files?
    2. Any suggestions what else can be done in this particular situation to avoid PHP files getting deleted?

    If looking at log helps, please advise what to look for. Would appreciate greatly if you can be a little detailed how to do what you suggest doing.

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    9 years, 1 month ago

    1. Yes

    2. Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    sinip

    (@sinip)

    9 years, 1 month ago

    Blocking Russian IPs will not do you much good. 🙂
    Consider the possibility that your computer might be compromised so hackers could obtain anything you type on it, for instance. And if they get FTP credentials for your hosting, they can do anything they want. Of course, there’s a possibility that the backup you used for restore was compromised as well.
    If someone accessed your hosting using FTP, people at Hostgator should have IPs logged.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘PHP files getting deleted’ is closed to new replies.

Tags