Malware detected problem in ms-setting.php - Help! (5 posts)

  1. troykd
    Posted 3 years ago #

    A linux malware detection software (maldet) popped on ms-setting.php

    {HEX}php.cmdshell.Err0R.229 : /home/mysite/public_html/wp-includes/ms-setting.php

    I can't just delete this file right? Could I get help with identifying the offending code.

    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

  2. troykd
    Posted 3 years ago #

    Here's the code on pastebin


  3. Uh. THAT is wrong.

    Delete the entire wp-includes folder.

    Download a fresh instance of WP here: http://wordpress.org/download/

    Upload that, and then change ALL your passwords.

  4. Ryan Hellyer
    Posted 3 years ago #

    I suggested deleting your entire install and reinstalling from a backup.

    If it is feasible, then wipe the database clean and reimport using the WordPress importer (scrubs out any potential nasties from the database. If that isn't feasible, then make sure you comb through the database looking for any bad stuff that might be in there.

  5. perezbox
    Sucuri.net CEO
    Posted 3 years ago #

    Hey torykd

    Make sure you disable PHP execution in your includes folder as well and verify your perms on directories and files.

    Good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic