WordPress.org

Forums

  1. AxKa
    Member
    Posted 1 year ago #

    We keep finding the file .backup_time in the root of our installation. After being deleted it keeps popping up as soon as the wp index.php is triggered.
    Next to that we have the following string in our wp-database:

    a:9:{s:7:"enabled";b:1;s:6:"method";b:1;s:9:"file_list";a:2:{i:0;s:30:"wp-content/infinitewp/backups/";i:1;s:12:".backup_time";}s:5:"types";a:6:{i:0;s:4:".jpg";i:1;s:5:".jpeg";i:2;s:4:".png";i:3;s:4:".log";i:4;s:3:".mo";i:5;s:3:".po";}s:5:"email";b:1;s:5:"split";b:0;s:12:"notify_admin";b:0;s:10:"last_chunk";b:0;s:8:"last_run";d:1396344213;}

    Does the file.backup_time belong to the iThmes/Better WP Security) installation?

    regards,
    AxKa

    https://wordpress.org/plugins/better-wp-security/

  2. darkmatter661
    Member
    Posted 1 year ago #

    I am also having this issue and can't figure out if it's malware or what. My auto backup is OFF for better-wp-security so I don't know what it is. My guess is it's part of malware, it's in every root WP directory and other directories as well. If anyone's gone through this I'd really appreciate any help! The contents seem to be base64 encoded. I can't find the script it creates anywhere. I don't know what to do next.

    [ Moderator note: encoded gobley-gook redacted ]

  3. @darkmatter661 Your data and problem are different from the original poster's.

    Per the forum welcome please post your own topic with your own details.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic