Support » Plugin: Wordfence Security - Firewall & Malware Scan » “Description: Backdoor used for backlink injection and other malicious activity”

  • Resolved paul887

    (@paul887)


    I let a developer (Peopleperhour) build a website for me.
    Since he finished (4 days ago) I did nothing other than update plugins.
    Today I run wordfence

    I got 5x warnings like this:

    Filename: wp-content/themes/twentysixteen/functions.php
    File Type: Theme
    The matched text in this file is: $div_code_name=”wp_vcd”;
    The issue type is: Backdoor:PHP/wp-vcd.5473
    Description: Backdoor used for backlink injection and other malicious activity.

    ———————

    1x this:

    Filename: wp-content/plugins/formcraft3/formcraft-main.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    The matched text in this file is: <?php if (file_exists(dirname(__FILE__) . ‘/class.plugin-modules.php’)) include_once(dirname(__FILE__) . ‘/class.plugin-modules.php’); ?><?
    The issue type is: Suspicious:PHP/checkandincludeprepend.5948
    Description: Suspicious code often found infecting files

    ———————–

    1x this:

    Filename: wp-includes/wp-tmp.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    The matched text in this file is: $ip=@file_get_contents(ABSPATH.’wp-includes/wp-feed.php’
    The issue type is: Spam:PHP/oclasinsert.5483
    Description: Inserts spam code into the site.

    ———————–

    I can’t assess how bad it is. I’m really a layman here.
    Can I ignore it, should I let it clean, should I click “delete” despite WF warnings, is this the right place to ask for support, I’m lost…

    Every input is appreciated.
    Thanks

    • This topic was modified 4 months, 3 weeks ago by  paul887.

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support WFGerroald

    (@wfgerald)

    Hey @paul887,

    Unfortunately, it does seem like your site has been compromised. I’d suggest immediately updating all passwords including WordPress, hosting console, (s)FTP and database. Here’s a guide that will help with cleaning the site.

    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Please let me know how it goes.

    Thanks,

    Gerroald

    Thank you Gerroald,

    I feel flattered that you think I could clean my website all by myself.
    No, someone is working on it.

    So, finally me too was compromised.
    I started to feel depressed as it seemed that hackers didn’t care about my website.

    Being a layman, when I get such issues I need someone who enters my Plesk or WP admin dashboard and take care of them.
    Even with the best Antivirus App, I don’t feel I can do it by myself.
    For example, when WF discovered those issues, it offered to delete files.
    I would never take that decision, as I’ve no idea what I’m doing.

    Does WF Premium Support enters my Admin Panels and work their magics, or do they support me just in explaining to me step by step what I have to do?

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @paul887,

    It is very frustrating that people feel the need to maliciously attack sites. This is why we do what we do.

    We’ll give you the same advice in Premium as we will here. We try our best to support the safety of sites either way :). With that said, if you don’t feel comfortable with cleaning the site (which is completely understandable) my best suggestion would be to reach out to a hack repair service. If you did follow the guidelines, and the site was reinfected it means the root issue hasn’t been addressed. This means a professional needs to find and patch it, which is something I’m not even capable of.

    I don’t like to be the bearer of bad news, but I really think your best option is to reach out to a professional hack repair service to have the site cleaned and patched.

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    exclusiveglobalcontractors

    (@exclusiveglobalcontractors)

    Hello does anyone know if Sucuri Website Security Is good to run with Wordfence?

    Hi Gerroald,
    thanks for your time.

    My line “I started feeling depressed as it seemed that hackers didn’t care about my website” was a joke of course 🙂

    As you rightly say, I really don’t feel comfortable fiddling with my computer or my website, following mechanically instructions (which I’m not sure I’m rightly understanding) with no idea of what I’m doing.

    Hack repair service.
    Much appreciated advice.
    You won’t believe me, but I didn’t know about this option.
    This is my level in this area…

    Yesterday I found someone on peopleperhour specialised in malware cleaning.
    He is not only a freelancer but also leads a little company in England offering hosting services with 100% hack-free guarantee, so I guess he knows what he’s doing.

    I’m a little disappointed because I thought that my server provider (a2Hosting) would take care of security issues, as I have a managed account over there, which is not exactly cheap.

    My plan was/is to find a trustable freelancer and delegate him the perpetual security of my website.

    I inserted “hack repair service” in google and of course I was offered with a lot of results.
    Is there any specific important criteria I have to look at while filtering?

    Thanks again

    Probably the best place to find someone who would take care perpetually of my website would be hackers forums, but sadly I don’t possess the knowledge making me able to understand how competent someone is, not to mention trustable

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @paul887,

    We offer such a service, you can find information in the article I shared.

    These are a couple of well-known companies that also provide the service.

    https://www.sucuri.net

    https://www.sitelock.com

    You might also ask your host if they offer such a service, or have any recommendations.

    Thanks,

    Gerroald

    The article you shared… of course!
    Wordfence offers this service too.

    Among all the info I was confronted with and my current tribulations, it slipped out of my awarenesses…

    Thanks Gerroald!

    From now on I will update things asap
    Lesson learned …

    Plugin Support WFGerroald

    (@wfgerald)

    Hey @paul887,

    No problem at all. It’s definitely a lot of information to take in, especially when you’re faced with something like this.

    Please let us know if anything else comes up.

    Thanks,

    Gerroald

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.