Malicious code installed, can't access site

  • Resolved BuddyD

    (@buddyd)


    9 years, 5 months ago

    Hi, I am using the free version of Wordfence and have been notified of 3 malicious files that have been installed on one of my sites. I was able to delete two of the files using Wordfence but attempts to delete the third have not worked.

    I cannot access the site now and am presented with a dialogue box asking me to choose a language when I visit the site URL.

    The URL for the site is https://www.juneahrens.com.

    The malicious file in question is described below.

    ###

    File appears to be malicious: wp-config.php

    Filename: wp-config.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 10 hours 15 mins ago.
    Severity: Critical
    Status New

    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “\x65\x76\x61\x6C\x28”.

    ###

    Any help would be greatly appreciated!

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)

  • If you deleted that file, you deleted a core wordpress file. In cases where that file is flagged, you should speak to someone at your hosting company to help if you are unsure how to install wordpress. Get a backup of that file and email it to [email protected]. Reference this case url:
    https://www.ads-software.com/support/topic/malicious-code-installed-cant-access-site?replies=1
    I will take a look at the backup file and make sure the malicious code is removed before sending it back. Keep in mind, normally we would send you to your hosting provider for help but I wanted to get you back online.

    tim

    Thread Starter BuddyD

    (@buddyd)

    Thanks for getting back to me on this. After a mad scramble on Father’s Day, I was able to source out the FAQ on the BackupWordpress support page and reinstalled the wp-config.php file from a backup that I accessed through FTP. All seems to be back to normal.

    I used Wordfence to delete the other two malicious code files that had been inserted. Question is, if the wp-config.php file is corrupted again in the future, how to replace? Is there an option besides deleting and reuploading?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malicious code installed, can't access site’ is closed to new replies.

Tags