Unable to resolve a database issue that is creating file to the top level directory of the website (outside of the blog).
If deleted the file is created again each morning. The file is long string of characters. It is created by the apache user not the FTP or WordPress user. I cannot tell what it is doing, but it is the only change to any files on the site, after extensive examination of files nd dates I am 99% sure of this – and results in blacklisting at Google etc.
Have tested with a new database, link to the new database via wp-config, which eliminates this issue, *reentered all post content into the database to see if it is something in post content – no problems.* but would like to not have to rebuild the rest of the database by hand (plugins, internal linkage to new page #s for content etc) if possible.
Importing the old database content into the new database causes the issue to start over.
I have not seen a hacking problem like this before, maintain many WordPress sites, but am stumped here. Have searched forums, Google, etc and cannot find any other info on this problem.
No base 64 hacks in the database that I can find. Searched the database for the name of the file and it’s not in there. What else can I do via phpAdmin or any other tool? Has anyone else experienced this issue?!
- The topic ‘Malware in database – generating file to top level directory’ is closed to new replies.