WordPress Development Asked on December 3, 2021
I am helping someone whose WordPress website has files getting generated unders his folders, and being named after the folder. Can someone help me with what this does?
I put the code on pastebin because it was too long.
Although this is not the place for hacking questions ... a quick look seems to indicate attempts to get database credentials, and to upload files that can be executed later.
One file it looks for (and tries to inlcude) is 'command.php'. So take a look if that file is there. You could also look at the access logs to see if there was an attempt to upload that file name.
It also looks like it's self-reinstalling, via some update functions. And other attempts to gather intel about the site.
So, the best thing for you to do is to protect the site. There are many googles/bings/ducks on how to clean up a WP site (or any site) - I've written one myself that I use.
But, in general:
There's some other tips - again, lots of googles/bings/ducks on cleaning sites. My tips are here: https://www.securitydawg.com/recovering-from-a-hacked-wordpress-site/ .
Answered by Rick Hellewell on December 3, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP