Exploit Scanner
FYI - Pharma attack removes plugin (2 posts)

  1. cadfile
    Posted 5 years ago #

    Here is a nifty thing. I am getting attacked on a regular basis with the Pharma hack and one thing it does is add their malware file AND removes the main exploit-scanner php file - deletes it.

    I have WP-File Monitor active and caught it so I just delete the bad file and delete and reinstall the plugin manually.

    Auto update refuses to reinstall it since the folder still exists.

    The Pharma attacks are really ticking me off as I've followed all the various security tips and the hackers just injected a new file and removed another. *sigh*


  2. Jon Cave
    WordPress Dev
    Plugin Author

    Posted 5 years ago #

    Ha! I'm not surprised and there's not much that can be done by the plugin, but thanks for the information.

    To do a full clean up I would advise you to wipe all the files from the system and do a full reinstall (backup all database and files first in case something goes wrong). Also, ensure that you change all of the passwords associated with WordPress and the hosting account (e.g. MySQL, FTP, cPanel, etc.) -- to be extra paranoid I would change passwords before deleting everything and reinstalling and then again afterwards. If it's still able to come back then you should talk to your host as it's probably lax security configuration on their part rather than a hidden backdoor script or compromised password.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Exploit Scanner
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic