jpd24
Forum Replies Created
You can upload when you are the admin, as you are whitelisted by the firewall.
Makes sense, have overseen this feature. Thanks for clarifying!
If there are no other sites in your document root, it is very likely there’s still a file/backdoor on the site, which hasn’t been detected by the scanner.
I’ve re-uploaded the entire core system from a clean WP base and have checked many other subfolders (in /wp-content/) manually. I’ve actually found a few files that were ironically hidden in some sub-subfolders of the NinjaScanner or Firewall and 1-2 other scripts in other places that haven’t been found by the Scanner. Until now, everything is looking good, no new scripts have been uploaded / accessed.
Thanks for your help!
Thanks for your reply!
If you set up the firewall in Full WAF mode and disable file upload, it’s impossible to upload a file from a PHP script.
A question on that: Shouldn’t it be impossible to upload new files via WordPress as well if the file upload is disabled in the settings? Cause I’ve tested with a test image and it still is possible via the WordPress Backend.
And just today, I’ve received emails from the File Detection; there were about 10-20 new files uploaded that contained malware.
However, the attacker could have a backdoor that creates and writes to the file, instead of uploading it.
Yeah, my suggestion is that in some sub-subfolder, there is a modified / uploaded file or whatever from the past that the scanner doesn’t detect and that still may open a backdoor to the offender.
Did you run a malware scanner?
Do you have another site hosted on that vhost?
I’m always checking via NinjaScanner and if there are files uploaded, the Malware Detection recognizes them. I’m then quarantining them and (if it doesn’t break the website, so no core files) deleting them afterwards. Or, in case it’s in core files, I’m restoring them either via NinjaScanner or manually.
From our side, there is no other website hosted. But: It’s only shared hosting, so in theory, there could be other websites on the same server.
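
The manual check described in these replies (comparing the live site against a clean WP base, including plugin sub-subfolders and upload folders) can be scripted. The following is an added example, not part of the forum posts and not code from NinjaScanner or NinjaFirewall. The plugin folder name, the file names and the `content_dirs` default are assumptions, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

PHP_EXTS = (".php", ".phtml", ".phar")

def file_hashes(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def compare_to_baseline(site_root, clean_root, content_dirs=("wp-content/uploads/",)):
    """Return (modified, unexpected, script_in_content) as relative paths.

    modified: present in both trees, different content
    unexpected: only in the live tree, outside content_dirs
    script_in_content: PHP-type file inside a directory meant for media
    """
    site, clean = file_hashes(site_root), file_hashes(clean_root)
    modified = sorted(f for f in site if f in clean and site[f] != clean[f])
    extra = sorted(f for f in site if f not in clean)
    in_content = lambda f: f.startswith(tuple(content_dirs))
    unexpected = [f for f in extra if not in_content(f)]
    scripts = [f for f in extra if in_content(f) and f.lower().endswith(PHP_EXTS)]
    return modified, unexpected, scripts

def build_demo_trees(tmp):
    """Constructed sample: a clean tree and a live tree with three deviations."""
    clean, site = Path(tmp, "clean"), Path(tmp, "site")
    base = {"index.php": "<?php // core",
            "wp-content/plugins/example-plugin/main.php": "<?php // plugin"}
    live = dict(base)
    live["index.php"] = "<?php // core, altered"                              # modified
    live["wp-content/plugins/example-plugin/lib/cache/x.php"] = "<?php // ?"  # unexpected
    live["wp-content/uploads/2024/photo.jpg"] = "jpeg bytes"                  # normal upload
    live["wp-content/uploads/2024/thumb.php"] = "<?php // ?"                  # script in uploads
    for root, files in ((clean, base), (site, live)):
        for rel, body in files.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return site, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo_trees(tmp)
        for label, paths in zip(("modified", "unexpected", "script in content dir"),
                                compare_to_baseline(site, clean)):
            for p in paths:
                print(f"{label}: {p}")
```

The clean tree should hold the same WordPress release plus fresh copies of the installed plugins and themes. Site-specific files such as wp-config.php will be listed as unexpected and need a manual look.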