• Resolved nkwebdesign

    (@nkwebdesign)


    All my WordPress clients were hacked, and here are the most common flags that Wordfence found.

    wp-content/plugins/mrx/r.php
    Cwd.php

    Where can I find information about this?

    How did they get into all my clients' websites?

    Thanks

Viewing 1 replies (of 1 total)
  • Hi @nkwebdesign,

    I couldn’t find any references to the mrx plugin on WordPress.

    My best guess is that someone gained FTP or SSH access into your client’s website and uploaded/activated those malicious plugins.

    It could also be possible that through an exploit of another plugin or backdoor, they uploaded that plugin.

    Can you paste a few lines from r.php and cwd.php here?

    In any case, you’ll want to remove them immediately from your server.

    Dave
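
A triage helper for the situation in this thread, added here as an example (not code from Wordfence or from either poster): it walks a site root for the two file names Wordfence flagged and lists plugin directories that have no `Plugin Name:` header, which WordPress does not show on the Plugins screen. The function names, the sample tree, and the placement of Cwd.php in the site root are assumptions.

```python
import os
import re
import sys
import tempfile

# Names Wordfence flagged in the post; lower-cased (thread has Cwd.php and cwd.php).
FLAGGED_NAMES = {"r.php", "cwd.php"}
PLUGIN_HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)

def has_plugin_header(plugin_dir):
    """True if a top-level PHP file has the header WordPress reads (first 8 KB)."""
    for name in os.listdir(plugin_dir):
        path = os.path.join(plugin_dir, name)
        if name.lower().endswith(".php") and os.path.isfile(path):
            with open(path, "rb") as fh:
                if PLUGIN_HEADER.search(fh.read(8192)):
                    return True
    return False

def triage_site(site_root):
    """Return sorted (reason, relative_path) findings for one WordPress root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(site_root):  # flagged names, any depth
        for name in files:
            if name.lower() in FLAGGED_NAMES:
                rel = os.path.relpath(os.path.join(dirpath, name), site_root)
                findings.add(("flagged-name", rel))
    plugins = os.path.join(site_root, "wp-content", "plugins")
    if os.path.isdir(plugins):  # directories WordPress would not list as plugins
        for entry in os.listdir(plugins):
            full = os.path.join(plugins, entry)
            if os.path.isdir(full) and not has_plugin_header(full):
                findings.add(("no-plugin-header", os.path.relpath(full, site_root)))
    return sorted(findings)

def make_sample(root):
    """Constructed sample tree (not from the thread); Cwd.php location assumed."""
    files = {"wp-content/plugins/good/good.php": b"<?php\n/*\nPlugin Name: Good\n*/\n",
             "wp-content/plugins/mrx/r.php": b"<?php // constructed placeholder\n",
             "Cwd.php": b"<?php // constructed placeholder\n"}
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for root in sys.argv[1:] or [make_sample(tempfile.mkdtemp())]:
        for reason, rel in triage_site(root):
            print(root, reason, rel, sep="\t")
```

Pass one document root per client site as arguments; each finding is a lead to review by hand, since a file name match alone does not prove a file is malicious.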
