• Resolved nzcid

    (@nzcid)


    Greetings

    A site I help on was hacked several months ago and Wordfence cleaned it all up for us which was amazing.

    In the initial scan there were some .dat files in the plug-in folder that contained URLs to other sites. These were all deleted, and until last night the site has remained clear of any files.

    File contains suspected malware URL: /home3/residual/public_html/mysite.net/wp-content/plugins/docs/cache/8b0d78fb5cf30e25fd5a4924e072f6ea.dat

    Via cPanel I logged in and checked this doc directory under plug-ins, which is not normal, and consequently deleted this directory and everything in it.

    My concern, though, is how they are managing to put this directory on the server. Any suggestions?

    A really big thanks to the team at Wordfence for a great plug-in; I gave it 5 stars.

    https://wordpress.org/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author WFMattR

    (@wfmattr)

    You might not be able to track down how someone got in to place that file, but there are a lot of good recommendations in this article to keep your site secure going forward, even if you have already cleaned what you have found:
    My site was hacked. How do I use Wordfence to clean it?

    If you know the date/time that was on the file, your host may be able to help you go through your web server and FTP logs, to see if there is anything relevant around the same time, but sometimes the file dates are faked, which makes it difficult. On shared hosting, sometimes other customers on the same host can get through as well, if the host is not set up correctly.

    Thank you for the 5 stars!
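
The log review suggested in the reply above, sketched as an added example (not part of the thread and not Wordfence code): it pulls the requests logged within a few minutes of a suspicious file's timestamp and reads both of the file's timestamps, since the visible date can be faked. The Apache combined log format, the sample lines, the date, and the names `file_times` and `requests_near` are assumptions.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Apache/NCSA combined log format is assumed; adjust the pattern to the host's format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up date), not real logs.
SAMPLE_LOG = [
    '198.51.100.20 - - [12/Mar/2015:01:30:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2015:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [12/Mar/2015:02:14:41 +0000] "GET /wp-content/plugins/docs/cache/example.dat HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.20 - - [12/Mar/2015:02:16:00 +0000] "GET /about/ HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2015:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

def file_times(path):
    """Return (mtime, ctime) in UTC. On Linux, ctime is the inode change time and
    cannot be set with utime()/touch, so an mtime far older than ctime deserves a look."""
    st = os.stat(path)
    return tuple(datetime.fromtimestamp(t, timezone.utc) for t in (st.st_mtime, st.st_ctime))

def requests_near(lines, when, window=timedelta(minutes=10),
                  watch_prefix="/wp-content/plugins/docs/"):
    """Requests within +/- window of `when` that are POST/PUT or touch watch_prefix."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - when) > window:
            continue
        if m["method"] in ("POST", "PUT") or m["path"].startswith(watch_prefix):
            hits.append((ts, m["ip"], m["method"], m["path"], m["status"]))
    return hits

if __name__ == "__main__":
    # Constructed timestamp standing in for the date shown on the suspicious file.
    when = datetime(2015, 3, 12, 2, 15, tzinfo=timezone.utc)
    for hit in requests_near(SAMPLE_LOG, when):
        print(*hit)
```

When the two values from `file_times` differ widely, run `requests_near` around each of them; the same filter works on FTP logs once the pattern is adapted to their format.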

    Thread Starter nzcid

    (@nzcid)

    Hey WFMattR

    Thanks for all the great tips. Site is not marked as a suspicious web site (thankfully).

    Seeing as I have deleted this folder, there is no way to check those things you mentioned, but I will if they appear again (hopefully not).

    The hosting this site is on is HostGator, but I have never had issues with their servers before.

    A comment: Wordfence only picked up the file, not the directory. Looking at the file notification via email, I saw the directory and then went to investigate via cPanel and knew this was not normal.

    The owner has sort of abandoned the web site as he is busy doing other things. Being hacked really discouraged him, so I agreed to look after it for him and ensure it continues operating correctly.

    Having Wordfence on guard 24 hours a day has saved me lots of time in managing it, so again many thanks for a great plug-in.

    Wishing you all the best.
    Ian

  • The topic ‘File contains suspected malware’ is closed to new replies.