Malware Attack

  • Hello,
    brother today morning my website was attacked by hackers using malware injections …these are the files which they got infected….

    FILE HIT LIST:
    {CAV}Html.Exploit.CVE_2016_0108 : /home/usr/public_html/wp-content/cache/wpfc-minified/a9977561d9fc83f9ee07be0ae1b562c7/1457558307index.css => /usr/local/maldetect/quarantine/1457558307index.css.628011130
    {CAV}Html.Exploit.CVE_2016_0108 : /home/usr/public_html/wp-content/cache/wpfc-minified/ab69b1f2f1ef9c5aa464e15544564f38/1457557265index.css => /usr/local/maldetect/quarantine/1457557265index.css.56145290
    {CAV}Html.Exploit.CVE_2016_0108 : /home/usr/public_html/wp-content/cache/wpfc-minified/1751c54383752053a1dc970b534d9fe8/1457557270index.css => /usr/local/maldetect/quarantine/1457557270index.css.221654162
    {CAV}Html.Exploit.CVE_2016_0108 : /home/usr/public_html/wp-content/cache/wpfc-minified/f4f4866e8f1a78c1e4d8a9bbbfcf4525/1457557273index.css => /usr/local/maldetect/quarantine/1457557273index.css.1710029305
    {CAV}Html.Exploit.CVE_2016_0108 : /home/usr/public_html/wp-content/cache/wpfc-minified/213f5049014c5219b9402cd66ae7c2df/1457558311index.css => /usr/local/maldetect/quarantine/1457558311index.css.261129700

    How they got this…even i have installed the wordfence as well…
    kindly highlight me on this…
    regards

    https://www.ads-software.com/plugins/wp-fastest-cache/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Emre Vona

    (@emrevona)

    Hi, first of all this is a bad situation.

    Please send me an email: [email protected]

    Emre, FYI; I have users reporting the same issue. There’s info on what I was able to find out in that thread already.

    Either this simply is a false positive or we (WPFC & AO and probably others) are both aggregating CSS that is infected (and as such are hiding the problem). Let’s keep in touch to identify the culprit (clam av for a false positive or a plugin with infected CSS).

    frank

    Plugin Author Emre Vona

    (@emrevona)

    Frank, I have talked to @feroz_bilal via email and he is convinced that this is a mistake of hosting provider ??

    There is no file which is infected. and I cannot stop thinking about this question: Why does a hacker need to update a css file? ??

    Thread Starter feroz_bilal

    (@feroz_bilal)

    Hahaha….Right Emre….I dont know what the problem was..
    I just installed fresh installation and also reset the cpanel….
    Now there is no malware in my hosting…

    he is convinced that this is a mistake of hosting provider

    This indeed is very likely to be a false positive by Clam AV. The question is what triggered this false positives all of a sudden. Also; this will likely happen again, so …

    frank

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Malware Attack’ is closed to new replies.