• Resolved electroset

    (@electroset)


    Wordfence Scan is coming back clean, but Im manually finding files that have been renamed to xxx.php.suspected
    I can find reference to this problem online, but no easy fix is offered.
    I can’t open those ‘suspected’ files in Dreamweaver as it says they are not valid files.
    Should Worfence pick these files up and alert me that additional files have been created?
    Anyone have a current solution to this apparent hack?
    Im running the latest of everything. Worfence scans clean. Filenames are then changed and my site starts sending spam. ??

    https://www.ads-software.com/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi electroset,

    I am not sure why Wordfence is not finding those, but we will look into it.

    It does seems to be an exploit of some kind. You should read this thread. https://www.ads-software.com/support/topic/link-templatephpsuspected/page/2?replies=60 There are some suggestions in there on how to clean your site. You can also contact your host to see if they can help identify the source of the problem.

    From what we have seen, files with a .suspected extension would usually be files that your web hosts had identified as possibly being malicious and renamed so they can not be run. The web host may also change the permissions so that they can not accessed by you or software running on the website. Have you contacted your web host to see if they know anything about them?

    Usually evidence of how a website is being hacked would show up in the HTTP or FTP log files for the website, have you reviewed those yet?

    Electro, to open those files just change the extension to something Dreamweaver is set up to edit. I usually use .txt. I’ve used Dreamweaver for years, in my ver, use Preferences/FileTypes/Open-in-Code-View to get it set up for working on modern WordPress websites .txt and .php, etcetera. Add .htaccess as a file extension while you’re at it and you’ll be able to edit those as well…

    Hope that helps. (Am assuming you download the files to your local site image, re Dreamweaver work flow.)

    MTN

    Thread Starter electroset

    (@electroset)

    Thanks for your suggestions. From my research, it became obvious it’s a nasty website hack, with those effected not 100 sure how they got it; many reporting ongoing problems.
    It was a relatively small site, so I copied page text and images folder, deleted the domain, and started from scratch.
    Annoying… but the safest way for me to confirm there was no sleeper code. Wordfence was the first plugin activated, so Im sure Im better protected than before. ?? Thanks.

    Hopefully you are good to go now!

    Marking this post resolved. Feel free to update it if you have anything to add.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘.php.suspected’ is closed to new replies.