Hacked Sites and Backdoor – Files/Folders being Uploaded

  • Hi all,

    I have around 10 personal WP sites hosted on hostgator and it seems like there’s some backdoor access because all of websites seem compromised as I see files and folders uploaded to them almost every day. Some of them break the site, some don’t. Because I have so many sites, I really don’t have any idea on how to poinpoint if maybe a plugin or outdated theme is causing this. Does anyone know the best method of tracking down the source to remediate?

    Screenshots of what I see:

    View post on imgur.com

    Contents in the folders:

    View post on imgur.com

    I have some 301 redirect domains and they seem to stuff a bunch of PHP files in those ones:

    View post on imgur.com

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator t-p

    (@t-p)

    Install the plugin Wordfence plugin and do full scan of your site.

    Thread Starter ddzc

    (@ddzc)

    Ok thanks, so do that for all 10 sites then? Let me give that a go!

    Update, I did it for 2-3 sites so far and it’s finding between 30-250 files with issues. Should I use the “repair all files” feature, or “Delete all files” features? Not sure if the delete option will tear the site down or not.

    Also how do I get to the root cause bc if I delete/repair the infected files, I assume they’ll get re-infected…

    • This reply was modified 2 years, 10 months ago by ddzc.
    • This reply was modified 2 years, 10 months ago by ddzc.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hacked Sites and Backdoor – Files/Folders being Uploaded’ is closed to new replies.