Support » Fixing WordPress » SiteLock-PHP-EVAL_REQUEST-xxxx.UNOFFICIAL FOUND

  • Resolved Bluestocking Bookworm

    (@vanillabean)


    Hi all,

    So, my host – FatCow – is trash (it is an IEC host) and I am locked in for another few years with them. I got an alert this week that I had infected files and I wanted to sort it out.

    Full report text:

    Scan started at – Wed Oct 24 16:27:03 EDT 2018
    /stats/access_log_20181012.gz: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/awstats062018.txt: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/access_log_20180927.gz: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/access_log_20181024.gz: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/awstats092018.txt: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/awstats072018.txt: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/awstats102018.txt: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/access_log_20181008.gz: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND
    /stats/access_log_20181011.gz: SiteLock-PHP-EVAL_REQUEST-awem.UNOFFICIAL FOUND
    /stats/access_log_20180928.gz: SiteLock-PHP-EVAL_REQUEST-avfq.UNOFFICIAL FOUND

    ———– SCAN SUMMARY ———–
    Infected files: 10
    Time: 270.757 sec (4 m 30 s)
    Scan ended at – Wed Oct 24 16:31:34 EDT 2018

    To talk to a security expert, FatCow is going to charge me extra.

    Will simply deleting these files be enough to secure my site or do I have something more malicious going on like a hack?

    Thanks in advance!

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator t-p

    (@t-p)

    Carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Off hand, couple of names that come to mind are Sucuri and Wordfence.

    Oh poop. Thanks @t-p

    Guess I am spending the day cleaning my site instead of posting new content.

    If I am not too fussed about anything but the content, is it best to just make a backup and start from scratch?

    Moderator t-p

    (@t-p)

    OK, so I have run Sucuri internally and externally, and it hasn’t found anything in either place that points to malware or a backdoor. This is AFTER I deleted the files indicated in the report from SiteLock.

    I deleted old themes and plugins, and I deleted my .htaccess file.

    None of my posts or pages are currently loading, so I am doing a reinstall of the current version of WordPress.

    Logan Kipp

    (@logankipp)

    @vanillabean,

    Back up your database first. This is very, very important.

    So, I did an export before I deleted anything through my Dashboard, but everything in the recovery articles indicated that the .htaccess would re-make itself.

    Of course, my POS host doesn’t support backups without shelling out extra money, which I emphatically don’t want to give them. That said they MAY be able to restore the .htaccess file since it was deleted so recently.

    Did I just bork my site?

    It isn’t a HUGE deal if I need to scrap the site and start fresh. The export will have the actual content and I had been planning a graphic overhaul anyways. Just moves the schedule up I guess.

    Will doing so, deleting everything and starting with a fresh install of WordPress, plugins, everything secure my site?

    Still waiting for confirmation that scrapping my site and starting fresh will secure it.

    Moderator t-p

    (@t-p)

    Sorry, but no one at WordPress or in these forums fixes websites. You are responsible for your own self-hosted site.

    As I mentioned in my previous reply, if you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Off hand, couple of names that come to mind are Sucuri and Wordfence. They may be able to give you “confirmation”.

    Thanks @t-p
    Sucuri is unable to do a one-time fix, and I don’t have the money for a year of service from them. I will check out Wordfence.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘SiteLock-PHP-EVAL_REQUEST-xxxx.UNOFFICIAL FOUND’ is closed to new replies.