Found a strange file in WordPress root

Viewing 3 replies - 1 through 3 (of 3 total)

  • Be sure to scan your site for malware – the likelyhood of a single file being dropped on your server without there being more is low:
    https://www.ads-software.com/plugins/malcare-security/

    I think the bigger question is how did someone gain access to the root folder of your installation? I think that is where you need to start working from.

    Can you post a text copy of the php script you copied so it can be analyzed?

    Are you really looking for help?

    Also your link to the example.com site in itself is risky at best.

    `URL Scanning Details for https://www.example.com/wp-code.php

    Suspicious
    Indicates reputation issues and potentially malicious activity. Suspicious Activity
    Domain
    Domain name of the final URL after all redirections. example.com
    IP Address
    The corresponding IP address for the URL’s web server. 93.184.216.34

    Risk Score
    Overall threat score from 0 (clean) to 100 (high risk). 78 – Risky

    Spamming Domain
    Is this domain recently sending SPAM? Recent SPAM

    Thread Starter devmania

    (@devmania)

    Hi,

    The provided link is a dummy example. I prefer not disclosing my own domain for security and privacy.

    You can visit a link in the Google Search Results, it’s already returning a huge number of affected websites. I guess: About 47,500 results (0.34 seconds).

    It may be a wide-spread security exploit that may require the intervention of WordPress team, but I am not sure if it’s convenient to inform them. That’s why I posted here.

    Sharing the PHP file => it’s encrypted and may contains sensitive data about my site. So, posting it on public is risky. I can share it with authoritative WP team member.

    It starts with:
    <?php /* — enphp : https://github.com/djunny/enphp */ error_reporting(E_ALL^E_NOTICE);
    And contains some known PHP functions and a lot of weird characters like 3??…

    I cleaned my website and used some well-known WP plugins and updated everything (core, themes, plugins, ..).

    Why I am posting this message?
    To know more about that issue if someone else already knows about that and also be an informative topic for people that may have the same problem.
    It sounds that this script only creates promotional posts on the fly.

    • This reply was modified 2 years, 10 months ago by devmania.
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Found a strange file in WordPress root’ is closed to new replies.