Possible hack or viral infection?

  • keirentownandcountry

    (@keirentownandcountry)


    9 years, 3 months ago

    Hi All,

    I am having some problems with the company website!

    A while ago a website designer created our company website and was never maintained in updating plugins and install Wordfence or any security for that matter. Unfortunately over the 6 month period this wasn’t monitored we have had various issues with viruses and hacking incidents. We was recently contacted by our hosting company to say that various incidents of spam emailing was happening due to our website and had to be temporarily removed from the server as it was effecting other customers.

    I have recently taken charge of looking after the website and have firstly installed Wordfence shortly followed by Sucurus and updating all plugins that were really out of date…..possibly not done at all.

    Having run scans through Wordfence I have seen 24 critical and warning issues crop up.

    I just need to know if these are potentially existing issues from previous negligence or nothing to worry about?!

Viewing 3 replies - 1 through 3 (of 3 total)
  • esmi

    (@esmi)

    9 years, 3 months ago

    If the site has been hacked, you need to start working your way through the resources on this page. I’d also suggest reviewing http://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again. I’d also strongly recommend that you review
    Hardening WordPress

    Thread Starter keirentownandcountry

    (@keirentownandcountry)

    9 years, 3 months ago

    Thanks Esmi,

    This is the typical notification that we are seeing: This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “${“\x47\x4c\x4fB\x41\x4c\x53″}”. The infection type is: Backdoor:PHP/kidslug.

    I assume this would mean a backdoor has been applies to a theme or plugin?

    esmi

    (@esmi)

    9 years, 3 months ago

    Well, it’s certainly a clear sign that the site has been hacked but real back doors are often hidden inside what appears to be media files. The second link I posted above ha info on just this subject. You’ll also need to check the database very carefully as, again, the hacker may have inserted code directly into a table.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Possible hack or viral infection?’ is closed to new replies.

Tags