Answer the question
In order to leave comments, you need to log in
How to find a vulnerability on a website?
I have been fighting a virus on the site for more than a week now.
There is a redirect in htaccess.
I look at access.log to which files there were requests. I see that with the IP, which as a result of the htaccess rules, there were requests for different files. Among them there are virus files that were not previously on the server - as far as I understand, one file allows you to upload files to the server, and the other allows you to get information about users from the database.
After requests for these files, the hacker installs the WP file manager plugin and uploads a new htaccess to the server through it. After that, he leaves.
I delete all the files he asked for, but before the end of the day they reappear in a new folder.
Changed passwords from the server, ftp and mysql.
Ai bolit does not find these virus files because they are written in pure code without encryption.
I installed different plugins for Wordpress for protection, even one of them should block access to the admin panel by country.
Nothing helps.
Give me some ideas, please, how to find a vulnerability?
Here is the access.log https://www.codepile.net/pile/p8BmY4OV - the last time a hacker entered with ip146.185.158.9 and 104.131.176.234 maybe I don't see something in the log ..
Very similar to the order - earlier there were many different I found viruses on other sites, but I didn’t encounter this .. The hacker not only put a redirect, but also sometimes removes different plugins.
Answer the question
In order to leave comments, you need to log in
Hello!
1) Install the WordFence plugin and crawl the site.
2) Check the contents of the functions.php file
3) If you have installed premium nulled plugins from unknown sources, remove them or at least look where they include malicious code.
For the scan I always use https://virusdie.ru
Scan, remove the malicious code. You wrote above that there is no suspicious code, I came across that the files weigh more than usual, there is no extra code, but it was somehow sewn into a file ..
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question