Support » Fixing WordPress » wordpress Known exploit = [Fingerprint Match] [PHP WordPress Exploit [P1412]]

  • hello everyone

    i`m amateur web designer and use WordPress for most of websites .

    Yesterday i see my site load Blank and when i ask my Host about that they say the file function.php in my theme directory removed from server automatically cause found some virus on it !

    here some details that send for me :

    **Explore Quarantine Files for User ****
    Quarantine date: Wed Mar 21 18:41:22 2018
    Quarantine file: /quarantine/cxsuser/****/functions.php.1521645082_1
    Quarantine file size: 9850 bytes
    Original file: /home/****/public_html/wp-content/themes/angle/functions.php
    Original file atime: Wed Mar 21 18:38:58 2018
    Original file ctime: Wed Mar 21 18:38:57 2018
    Original file mtime: Wed Mar 21 18:38:57 2018
    File owner: ****
    File group: ****
    Scan Type: cxs Watch Scan
    md5sum: 52b13e63b028b36f43c1256f2bde18c0
    Reason: Known exploit = [Fingerprint Match] [PHP WordPress Exploit [P1412]]**

    i cant undrestand why this file detect exploit , cause i scan this in localhost my backup is clear with so many antivirus plugins and virustotal

    also i try to upload function.php from my backup and zip archive and even source of theme , all of theme delete immediately from server too

    what this line means :
    Reason: Known exploit = [Fingerprint Match] [PHP WordPress Exploit [P1412]]

    whats P1412 ?? and how can i found out which code or line of my function.php have problem ?

    host support not help me and say i must solve it by myself 🙁

Viewing 1 replies (of 1 total)
  • Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Download a new copy of your theme (form wherever it originally came from), unzip locally, and then upload that functions.php to your site. If that passes your host’s test, then assume you (1) were hacked and (2) that file was the tip of the iceberg. Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 1 replies (of 1 total)
  • The topic ‘wordpress Known exploit = [Fingerprint Match] [PHP WordPress Exploit [P1412]]’ is closed to new replies.