Seen this malware issue?

by BenQ
1 reply
Not sure where best in forum to post this.

Having malware issues. Finding weird files in one of my host accounts -- stuff like twqhgjduerjghgg.txt. Thousands of those. Or strings of numbers appended to a .php file.

So I changed server passwords and all. I'm re-building one of my sites. So I created a new domain, uploaded brand new WordPress files and downloaded all new, fresh plugin files. Also, downloaded WP All In One Security and Wordfence and configured both of them -- no interfering stuff though.

I then just started creating pages. On the old site, I would just go to the page editor, text area, and copy and replace the content -- carefully looking at the code. There was nothing there unusual, just paragraphs surrounded by <p></p> kind of stuff.

After doing all that, about an hour later I ran a Wordfence scan and 300+ WordPress files were corrupted. Same crap, just numbers appended to the end of files. Luckily it's easy to restore to original with Wordfence.

But somewhere in my server or one of my sites is malware or a backdoor and I can't find or plug it. Any ideas?

Oh, and in error logs the other day - before I changed passwords -- I found this:
Code:
130950    sh -c cd /tmp/; echo ' tetqwqsadmgfZdZ;ls -la    0%    0.0%     Kill Process
130815    sh -c cd /tmp/; echo ' tetqwqsadcF0zTO;ls -la    0%    0.0%     Kill Process
Not sure what that is, but those text files looked like those two t-e-t-q files above. Any idea how to fix my issues? And HostGator won't do a scan. They only want to refer me to their partner firms. I want to explore some DIY methods first. Any help appreciated.
#issue #malware
  • p4yam
    Do you use cPanel or DirectAdmin? Is it shared hosting or a dedicated server?
    Here are some suggestions:

    - Talk to your hosting company; maybe the problem is on their side

    - Create a backup from your host and scan it on VirusTotal

    - Check your site for malware with SiteCheck

    - Check your .htaccess for strange variables and text
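A triage sketch for the symptoms described in this thread, added here as an example and not part of either post: it walks a web root and lists .txt files with random-looking names, .php files whose contents end in a run of digits, and .php files modified recently. The function names, the thresholds, and the reading of "numbers appended" as digits at the end of the file contents are assumptions.

```python
import os
import re
import sys
import time

# Assumption: dropped files resemble the thread's "twqhgjduerjghgg.txt",
# i.e. a long all-lowercase stem with very few vowels.
RANDOM_STEM = re.compile(r"^[a-z]{10,}$")
# Assumption: "numbers appended" means 6+ digits as the last thing in the file.
TRAILING_DIGITS = re.compile(rb"(\d{6,})\s*\Z")


def looks_random(stem):
    """True for long lowercase stems whose vowel ratio is below 25%."""
    if not RANDOM_STEM.match(stem):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.25


def appended_digits(path, tail_bytes=4096):
    """Return the digit run at the end of the file contents, or None."""
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - tail_bytes))
        m = TRAILING_DIGITS.search(fh.read())
    return m.group(1).decode() if m else None


def scan(root, recent_hours=24):
    """Walk root and return sorted (reason, relative_path) findings."""
    cutoff = time.time() - recent_hours * 3600
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".txt" and looks_random(stem):
                findings.append(("random-name-txt", rel))
            if ext.lower() == ".php":
                if appended_digits(path):
                    findings.append(("digits-appended", rel))
                if os.path.getmtime(path) >= cutoff:
                    findings.append(("recently-modified", rel))
    return sorted(findings)


if __name__ == "__main__":
    for reason, rel in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{rel}")
```

Run it against a downloaded backup or the account's web root; the modification times of flagged files give a window to match against the access and error logs.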
