Malicious programs on the site, how to detect?

K

kirin studio2020-05-10 10:31:57

PHP

kirin studio, 2020-05-10 10:31:57

Didn't mean to bother you, but I need your help. PHP files with strange names appear in httpdocs, I added one of them in attachments, as I understand they are all encoded in base64, and appear in different and unexpected places. In addition, if you do nothing for a long time, the "apikey" plugin is installed by itself, which takes up a lot of memory and increases if it is not removed. It got to the point that he got access to the administration, created a user for himself and began to add links to the site page. I have repeatedly cleaned and deleted those files in which this base64 encoded miracle was present, but they appear again and again. I can't find the source of the infection.

ps. And yes, I installed the elementor pro and screen lcx plugins from unofficial sources, but according to reviews, everything seems to be fine.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dimonchik, 2020-05-10
@dimonchik2013

well, what to do, wordpress is a pain,
although it is solved by a fairly competent setting of rights, but it still needs to be understood what and how to do

K

kirin studio, 2020-05-12
@paiymbek

I resolved the issue by contacting the hosting support, I was a little shocked, 48 infected files were found) all sorts of backdoors and shells. Deleted them all, now it's kind of quiet :)