Title: My site was infected Last modified: August 30, 2016 --- # My site was infected * [David_G](https://wordpress.org/support/users/questas_admin/) * (@questas_admin) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/) * My security program quarantined a nasty little file from the root of all my sites. The file name is “ea.htm”. It might be worth the time to ftp to your sites and check for this file. Viewing 6 replies - 1 through 6 (of 6 total) * [Clayton James](https://wordpress.org/support/users/claytonjames/) * (@claytonjames) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803664) * > from the root of all my sites. * Server compromise? Are you on your own server, or in a shared hosting environment? * You should take a look at this info. [FAQ My site was hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked).. And some more for after things are cleaned up. [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress) * Thread Starter [David_G](https://wordpress.org/support/users/questas_admin/) * (@questas_admin) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803668) * I’m in good shape. I am on a shared hosting, but also running “Bullet Proof Security Pro”. It caught the file and quarantined it immediately. I was just putting this out for other users to watch for it. * [Clayton James](https://wordpress.org/support/users/claytonjames/) * (@claytonjames) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803724) * I’m glad the security plugin caught it, but were you able to identify the mechanism that allowed the file to be uploaded to your site(s) in the first place? How did the intrusion actually gain access to your web directory? Was it a vulnerable plugin, or theme, or some other compromised account that took advantage of weak file permissions? Or haven’t you been able to determine the point of entry yet? I’m just wondering what was done to actually close the hole. * Thread Starter [David_G](https://wordpress.org/support/users/questas_admin/) * (@questas_admin) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803833) * I really don’t know. I looked at my security logs and statcounter for activity but unable to determine how it got in. This is the first time since I installed the security plugin that ANYTHING has gotten past it. There are constant attempts and that is why I paid for the security. It works very well. Does exactly what it is suppose to do. * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803835) * Have you asked your hosts for assistance? They have access to other logs (such as ftp) and may be able to pinpoint when this file was uploaded/added. It’s also possible that there is another site on your server that has been hacked – making every other site on the same server vulnerable. So your hosts really do need to know about this. * Thread Starter [David_G](https://wordpress.org/support/users/questas_admin/) * (@questas_admin) * [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803838) * I haven’t contacted the host yet, but while checking todays logs someone in the Netherlands at “IP:159.253.145.183” tried to access the file twice. Probably disappointed it wasn’t there. Another attempt from Indonesia also. * I will correct my first statement about ALL my sites. It was only added to 6 of them, not all the sites. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘My site was infected’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 3 participants * Last reply from: [David_G](https://wordpress.org/support/users/questas_admin/) * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/warning-91/#post-6803838) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics