[Resolved] suspicious "sitemap.php" file added to public_html dir
i wanted to ask if anyone has encountered a situation similar to this and how it was patched/fixed (to prevent future hacks).
i recently experienced anomalous output on some pages on a wp site i manage. a viewer would go to the site, look at some pages and see texts inserted in the actual page text. texts like selling viagra or some other random text/spam (just texts). the number of processes running on the server (shared hosting) would spike, from the regular 1 to 2 over 25, to about 20 to 25 over 25. the site would constantly throw internal server errors. the text are randomly inserted and sometimes a refresh of the same page will make the insertions disappear. some pages viewed in diff browsers/machines will produce one hacked and one normal page.
i have consulted our hosting service but they always say they’ll get back but then give no definite answers or they don’t get back at all.
i also looked at some cross-site scripting or ‘pharma hack’ and other possibilities
so, after looking for evidence or clues myself (database looks clean, the theme pages did not have inserted code etc.) i noticed a “sitemap.php” file in my site’s public_html. i double-checked and, yes, wordpress doesn’t have such a file. i looked at the file and saw code similar to this one:
i’d like to know how such files could be uploaded (or written) in the public_html dir. or more important: how such hacks may be prevented, avoided (or minimized?) in the future.
thanks for any help or point to the right direction.
- The topic ‘[Resolved] suspicious "sitemap.php" file added to public_html dir’ is closed to new replies.