Support » Fixing WordPress » malicious file

  • I received an email from my web hosting service, 1 and 1 Networks. They are reporting that one of my WordPress file is a malicious file. Here is a small part of the email:

    “A few minutes ago, our antivirus scanner detected that a malicious file was uploaded to your webspace.

    The file can be found in your webspace at the following location:

    ~/eyeontaiwan.com/wp-content/wp-jsconfigs.php

    To protect you against dangerous hacker attacks, our antivirus scanner checks every file on your webspace that is being modified or uploaded. If the scanner detects malicious code, execution of the file is disabled to prevent further attacks. To prevent calls to this file altogether, the file permissions have been reduced.”

    Since tis file is a part of WordPress I’m at a loss. The most recent Worsdpress version was installed by WordPress not by uploading from my PC. Every upgrade has been performed that way.

    If this system had a way to attach a file I would attach the file in question, wp-jsconfigs.php But alas I can’t.

    Does anyone know what’s going on?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Please do not share malicious files!

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Moderator t-p

    (@t-p)

    You need to start working your way through the resources on this page.

    Other things you should do:

    • Change passwords for all users, especially Administrators and Editors.
    • If you upload files to your site via FTP, change your FTP password.
    • Re-install the latest version of WordPress.
    • Make sure all of your plugins and themes are up-to-date.
    • Update your security keys.

    Additional Resources:
    http://ottopress.com/2009/hacked-wordpress-backdoors/
    Hardening WordPress
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Off hand, couple of names that come to mind are Sucuri and Wordfence.

    How do I know that the malicious file did not emanate from wordpress.org? I did not upload wordpress via FTP. I let the wordpress.org scripts do all the work. All updates were done using the automatic update feature within wordpress not via my ftp.

    What does wp-jsconfigs.php do anyway?

    • This reply was modified 1 year, 9 months ago by amcgall.
    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Try installing the Wordfence plugin and have it scan your site.

    That file is not a valid wp file.

    I did install Wordfence. Sadly the scan failed after 12 minutes. I read their primer about what do do if a scan fails prematurely. It’s a bit over my head. I’m not able to afford the premium package nor their support at cleaning my site. I’m retired on a fixed income and a very tight budget. Their $99 annual fee is more than I can bear.

    My web host, 1 and 1 is scanning my site and will deactivate any files it finds that appear to be malicious. I have removed the file that they recently discovered. I have also changed the password on my FTP account to a very strong password. Hopefully these measures will prevent future infections.

    In the twelve years I’ve run my WordPress site this is the first time something like this has happened.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘malicious file’ is closed to new replies.