• a8ree

    (@a8ree)


    Every few days my site is being compromised.

    This morning I got an alert that my site has malicious code

    e.g.

    File appears to be malicious: wp-includes/js/tinymce/utils/dirs32.php
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “@$GLOBALS[$GLOBALS['k7e442032'][35].$GLOBALS['k7e442032'][60].$GLOBALS['k7e442032'][60]”.

    When this happens, I normally reset all plugins and restore any files before running a scan again.

    How do I determine how the site is being breached?

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • wfasa

    (@wfasa)

    Hello a8ree!
    If you keep finding infected files after you have cleaned suspicious files, you can try to expand the search. In Wordfence options you can set the scan to include images (compromised files sometimes masquerade as images) or to scan files outside your WordPress installation. Please note that the latter type of scan might take a long time to complete if you have a lot of files on your server.

    You can also check the login log in Wordfence: “Live Traffic”/“Logins and Logouts” to make sure your WordPress account/s have not been compromised.

    You can find documentation on how to clean a hacked WordPress site here.

    Best of luck!
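
A manual triage pass along the lines suggested in the reply above, as an added example (not Wordfence's code and not part of the original thread): it flags PHP tags inside image files, PHP files under asset or upload directories, and the nested `$GLOBALS` indexing seen in the alert, and returns each file's modification time. The directory list, reason labels and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

NESTED_GLOBALS = re.compile(rb"\$GLOBALS\[\s*\$GLOBALS\[")  # shape of the alert's signature
PHP_TAG = re.compile(rb"<\?php|<\?=", re.IGNORECASE)
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico"}
# Assumption: these trees hold static assets or uploads, so PHP there needs review.
STATIC_DIRS = ("wp-includes/js/", "wp-content/uploads/")

def triage(root):
    """Return sorted (relative_path, reason, mtime) tuples for files to review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(full, "rb") as fh:
                    head = fh.read(1 << 20)  # first 1 MiB is enough for triage
                mtime = int(os.path.getmtime(full))
            except OSError:
                continue  # unreadable file, skip it
            if ext in IMAGE_EXTS and PHP_TAG.search(head):
                findings.append((rel, "php-in-image", mtime))
            if ext == ".php" and rel.startswith(STATIC_DIRS):
                findings.append((rel, "php-in-static-dir", mtime))
            if NESTED_GLOBALS.search(head):
                findings.append((rel, "nested-globals", mtime))
    return sorted(findings)

def demo():
    samples = {  # constructed sample tree, not real site data
        "wp-includes/js/tinymce/utils/dirs32.php": b"<?php @$GLOBALS[$GLOBALS['k0'][1]];",
        "wp-content/uploads/logo.png": b"\x89PNG\r\n<?php echo 1;",
        "wp-content/uploads/photo.jpg": b"\xff\xd8\xff\xe0 plain image bytes",
        "wp-login.php": b"<?php // stand-in for a core file",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return [(rel, reason) for rel, reason, _ in triage(root)]

if __name__ == "__main__":
    print(demo())
```

The modification times of flagged files give a time window to look up in the web server access log and in the Wordfence login log when working out how the files arrived.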


The topic ‘Hacked every few days….’ is closed to new replies.