WordPress compromised. Need Help! (2 posts)

  1. ekihc
    Posted 4 years ago #

    I have a shared hosting account through netfirms.com and my account keeps getting suspended because (according to netfirms) my wp account has been compromised. Apparently my account is being used to send mass spam mails through the script 'wp-admin/user/profile-edit.php'. I was told to delete the compromised file, but EVERY TIME I go do that, the file is no where to be found. This happens just about every week now. I reset my password every time this happens.

    The first time this happened, I noticed the following files in my home directory: backdoor.tmp, clean.tmp, list.tmp, malware.tmp. I deleted them, hoping that would be the end of it, but it still happened. I also found a few files in my wp directories, one which stood out was a emailform.php file. This stood out because the code seemed to be an email script with an email address I didnt recognize: pseudonymus_2004@yahoo.com (The code can be found below). Not sure whats going on, but I would appreciate any help. Thanks

    emailform.php code
    [Code moderated as per the Forum Rules. Please use the pastebin]

  2. esmi
    Forum Moderator
    Posted 4 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.