Potential hack?
-
Something strange is happening. When I check my server files, I’m seeing a dotfile (.bt) which is being placed in in the first directory that appears alphabetically in my public_html directory. In this case it’s a directory marked “stats” but it’s been other directories.
It’s a text file and contains about 11,000+ lines, each of which appears to be an IP address.
My WordPress install is up to date, as are all plugins. I’ve changed the FTP password, as well my WordPress admin password.
The site does not seem to be affected – -it’s just this file which keeps reappearing, even after I delete it.
Any idea what might be happening here? I’ve alerted my web host, but they seem stumped.
Thanks,
John
-
Chances are you’ve been hacked.
As a first step, install and activate Wordfence, and run a scan. They have a pretty good scanning feature.
If nothing is detected, you might have to check out your files manually.
[redacted]
Good luck!
@adame: a friendly, off-topic note regarding your posts that include a link back to your site. It’s pushing the forum rules, because at the bottom of the post, you are selling a service to clean hacked sites. Please refrain from such links on future posts. Thanks.
https://make.wordpress.org/support/handbook/forum-welcome/#do-not-advertise-or-promote-products and https://make.wordpress.org/support/handbook/forum-welcome/#avoid-signatures
- The topic ‘Potential hack?’ is closed to new replies.