WordPress.org

Forums

Potential Malware problem (5 posts)

  1. bobkeenanphoto
    Member
    Posted 3 years ago #

    First.... I am a newbie at this. My site was hacked into and my host shut it down and pulled what they thought were the offending lines. I added several security plug-ins.

    On one, Secure WordPress by WebsiteDefender, I ran the defender scan and it came up with two potential files with a problem.

    One is a file called tols.php. It's full of what I think is base64 code. Here is a sample of a few lines worth [ moderated - Do not post malware code here. Use pastebin.com if you must. ]

    It also identified one other php file. It was some php code followed by a bunch of base64. See below:

    [ moderated - Do not post malware code here. Use pastebin.com if you must. ]

    So.... Is this malware? Can I just delete the php file??

  2. Patrick Nommensen
    Member
    Posted 3 years ago #

    Please do not post that code here. If you must share use http://www.pastebin.com.

    If you found that in one file chances are it's in many files. See the guide below.

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    You can try replacing the files in your wp-admin and wp-includes folder.

  3. bobkeenanphoto
    Member
    Posted 3 years ago #

    Sorry about that.... like I said... I am a newbie. Here is the first suspicious file. It is labeled tols.php and can be seen here: http://pastebin.com/G0Znjtuc

    What do you mean replace the files in wp-admin? All of them? From where?
    Thanks for the help

  4. Patrick Nommensen
    Member
    Posted 3 years ago #

    No worries :-) A mod will clean it up.

    This type of attack is usually caused by a vulnerability in a PHP script. The first thing you should do is create a backup of everything. Then, make sure you're running on the latest version of your theme, plugins, and WordPress core. If you have the latest version installed you can easily download a new WP pack and transfer the wp-admin and wp-includes folders via FTP, replacing all files. DO NOT replace the wp-content folder as that includes all your uploads, themes, plugins and so forth. :-)

    Also, please make sure you've done everything that's listed on this page: http://codex.wordpress.org/FAQ_My_site_was_hacked .

  5. bobkeenanphoto
    Member
    Posted 3 years ago #

    This worked great! Thanks a lot.
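An added example, not code from any poster in this thread: before overwriting wp-admin and wp-includes as advised above, this sketch compares them with a freshly downloaded copy to list changed and extra PHP files, and flags base64-heavy PHP files in wp-content, which is not replaced. The function names, the 200-character threshold and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # the folders the thread says to replace
# Long unbroken base64-alphabet run; the 200-character threshold is an assumption.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=]{200,}")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def php_files(root, sub):
    # Map "sub/relative/name.php" -> Path for every PHP file under root/sub.
    base = Path(root) / sub
    return {p.relative_to(root).as_posix(): p for p in base.rglob("*.php")} if base.is_dir() else {}

def audit(site_root, clean_root):
    """Compare installed core folders with a fresh copy; inspect wp-content."""
    report = {"modified": [], "extra": [], "base64_heavy": []}
    for sub in CORE_DIRS:
        installed, pristine = php_files(site_root, sub), php_files(clean_root, sub)
        for rel, path in sorted(installed.items()):
            if rel not in pristine:
                report["extra"].append(rel)        # file the clean copy lacks
            elif sha256(path) != sha256(pristine[rel]):
                report["modified"].append(rel)     # core file that was altered
    # wp-content holds uploads, themes and plugins, so it can only be inspected.
    for rel, path in sorted(php_files(site_root, "wp-content").items()):
        if B64_RUN.search(path.read_bytes()):
            report["base64_heavy"].append(rel)
    return report

def demo():
    """Audit two small constructed trees (benign filler, not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        files = {
            clean / "wp-includes/load.php": b"<?php // core\n",
            site / "wp-includes/load.php": b"<?php // core\n/* injected */\n",
            site / "wp-admin/tols.php": b"<?php // absent from clean copy\n",
            site / "wp-content/uploads/x.php": b"<?php $p='" + b"QUJD" * 80 + b"';\n",
            site / "wp-content/themes/t/index.php": b"<?php // theme\n",
        }
        for path, data in files.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return audit(site, clean)
```

A hit in `base64_heavy` is a prompt for manual review, not proof of compromise, since some legitimate plugins embed encoded data.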

Topic Closed

This topic has been closed to new replies.
