Spam HTML Files Being Added to Cache

  • Resolved leafwrench

    (@leafwrench)


    4 years, 1 month ago

    My WordPress security plugin (Wordfence) detected several spam HTML files being injected into Hummingbird’s cache for my site. After I delete them, they return after I clear the cache and new cached files are generated. This seems to indicate some malicious code or automated process causing this to occur.

    Unfortunately, I cannot seem to detect the source of this problem. My firewall settings seem pretty secure, but some security flaw that I am not accounting for is obviously present.

    Does anyone have any ideas on how to permanently fix this?

    Below is an example of one such filename and its path. I should mention that the folder named “search” also appears to be part of this injection.

    WARNING! Use caution if investigating the domain in the filename below.

    From Wordfence:

    “File appears to be malicious or unsafe: wp-content/wphb-cache/cache/MY WEBSITE’S DOMAIN HERE/search/%F0%9F%80%84%F0%9F%92%B9+www.LemonaidHealth.store+%F0%9F%92%B9%F0%9F%80%84+viagra+online+spedizione+dall/'europa/0be24aec025eac5162e91e5cdd2e6072.html”

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    4 years, 1 month ago

    Hello @leafwrench !

    I’m very sorry to hear that you’ve experienced this!

    Unfortunately it’s a plague of those in recent times and many sites got hacked.

    I would suggest to check the /sitemap.xml and /robots.txt of your site first as this may be the place where the pages are being added.

    As it’s clearly malware, please also check:
    – wp-config.php for any malicious code added there (esp. at the end look for an include to a file with widget in the name)
    – scan the site with https://sitecheck.sucuri.net
    – scan the files with Defender: https://wordpress.org/plugins/defender-security/ (our plugin which has a Malware Scanning feature and can be used alongside WordFence without conflicts)

    In case you’d like to use Defender’s Malware Scanning, please check the settings of that section as there are some additional options you can enable there to perform a more detailed scan.

    Please also make sure to have everything on the site updated – core, plugins and themes.

    Hope this helps and you will be able to locate the source of the issue and get rid of the malware quickly!

    Warm regards,
    Pawel

    Thread Starter leafwrench

    (@leafwrench)

    4 years, 1 month ago

    I appreciate the suggestions. I still have not located the source of this problem, but did manage to identify and fix a few more security vulnerabilities.

    All the scans keep coming back clean with the exception of the above-referenced html files, which I delete.

    It’s essentially just a form of spam and not a major problem, but it is a nuisance.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Spam HTML Files Being Added to Cache’ is closed to new replies.