• Resolved strategia

    (@strategia)


    “We have put the following content into quarantine as we believe it contains viruses or other malicious code.”
    wp-content/aiowps_backups/database-backup-20210122-231833-ghouo9nivh.zip

    There are some other recent files in that folder but I have only updated the plugin recently, I have done no backups.

    Coincidentally my WP backend has corrupted and not fixed or changed by Plugins on or off nor by WP upgrades.

    I am surprised if someone has uploaded maliciously into that folder.

    Can you give me any guidance please?

Viewing 15 replies - 1 through 15 (of 17 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, have you created any database backups using our plugin?

    Thread Starter strategia

    (@strategia)

    That’s the weird thing; I haven’t made changes to the site for months other than keep WP and plugins up to date. I may have run my own manual scans but I don’t think so. This is the state of my dashboard https://jmp.sh/APEPr3Q

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    “That’s the weird thing; I haven’t made changes to the site for months other than keep WP and plugins up to date”

    But do you have scheduled backups set up in our plugin? The reason why I am asking is because of the backup file which was created on the 2021 01 22.

    Regards

    Thread Starter strategia

    (@strategia)

    Unfortunately, the dashboard is not formatting so I can’t really do any admin. If there was any automatic backup set in the plugin, I can’t recall doing that.

    My attention was drawn to that folder by a notification from NameCheap saying that their virus scan flagged that file. I didn’t even recognize the folder until I had a look. https://jmp.sh/oyD4mkW that’s the contents at the moment without the zip file they quarantined.

    If the plugin is making its own backups, would you expect to see others in that folder? I am surprised that there are only files from 2019 because I thought it was installed long before then.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I think maybe your site has been hacked. Please check the following forum post.

    Let me know how you go.

    Thank you

    Thread Starter strategia

    (@strategia)

    We’ve run AV scans on whole account and there is nothing new there. I’ve downloaded my problem site to my PC and scanned it “No threats found”.

    There’s not much I can access on the WP Master List as my Dashboard is practically unusable so am leaning towards your specific suggestions (replacing WP folders and files) but am worried that they will break the site from its databases.

    -wp-admin and wp-includes directories… is there anything there particular to my site that I need to include before replacement?

    -plugins- can be deleted and replaced but not via the Dashboard. Is that good enough or do I need to replace them via the Dashboard (I am thinking, yes)

    -replace all wp core files … is this safe to do or do I need to alter the new ones?

    -wp-config seems clean and it definitely needs modification to maintain connection with a new version.

    There is no PHP file in any uploads folder.

    We found no PHP files nor suspicious files in the root directory after running two scans and manually deleting old file.

    ——
    While I wait for your response, I am planning to delete all files from the URL folder and upload a backup zip from a few months back but not do anything to the database. I’m hoping that will give me back the Dashboard from which to replace the plugins.

    Really appreciate your help here.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, after you carried out all of the above, are you still getting a false positive reading from NameCheap?

    Thank you

    Thread Starter strategia

    (@strategia)

    Following the initial report, I asked for the file to be deleted. 2 total scans of the account later it seems to be clean. WP Health Check also reports everything is working correctly but still the Dashboard remains unformatted.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    “but still the Dashboard remains unformatted.”

    What do you mean? Can you provide a screen capture so I know exactly what you are talking about.

    Thank you

    Thread Starter strategia

    (@strategia)

    Plugin Contributor mbrsolution

    (@mbrsolution)

    That looks like a cache issue. Make sure you clear all the cache from the browser, site and also check your server to see if they are running some cache system.

    Let me know how you go.

    Regards

    Thread Starter strategia

    (@strategia)

    The cache has been cleared many times and many different browsers have been tried with cookies cleared. I have cleared the cache via the plugin and I’ve removed the plugin.

    I have not tried asking NameCheap, my hosting, so I will try that later today. This issue is not showing on other sites on that same shared hosting, though.

    Thanks for your help

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    “I have not tried asking NameCheap, my hosting, so I will try that later today.”

    Let me know what they say.

    “This issue is not showing on other sites on that same shared hosting, though.”

    Are the sites running the same plugins and theme?

    Thank you

    Thread Starter strategia

    (@strategia)

    Not exactly the same group of plugins but a combination of the same ones.

    In any case, I remotely (FTP) renamed the plugins directory to disable all plugins and it made no difference.

    I will report what Namecheap says about the cache.

    Thank you again

    Thread Starter strategia

    (@strategia)

    I bit the bullet and now it’s working fine again.

    I found an old backup and took out all the files (no database) zipped them and uploaded the zip via cpanel file manager. Once the zip was there, I deleted everything from the folder except the new zip which I then unzipped.

    Unfortunately, for some reason the wp-config had no specific details (it looked like the startup WP file). I hunted around and found an old version and uploaded it via FTP. It connected to the DB and so I was able to update everything, because…

    …the bloody Dashboard was working again!

    Thank you for all the effort you made.

  • The topic ‘Is this a false malicious file found by NameCheap?’ is closed to new replies.