Site Hijacked

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    I can’t tell from just a screenshot if that particular web shell is already in my definitions yet or not, I would need to see the code to know for sure. If you had run the scan after the infection was put on there then maybe it would have found it and we would know, but if you have already erased the code by restoring a backup of your site then I is probably too late to tell.

    If it happens again then it would be better to run the scan to see what it finds. Also, it would be most important to record the infection times as the timestamps of those infected files could be instrumental in determining how the site was hacked, thereby helping us find the weak point in your security that is letting in the exploit in the first place.

    Please feel free to contact me again if you find your site infected so that I can help you find the cause.

    Thread Starter dreynald

    (@dreynald)

    Could this code be a potential lead? I saved it before scrubbing the website.

    https://www.dropbox.com/scl/fi/rih1gcmnxngph6c2nage3/College-Zoom-Best-College-Admissions-Counselor-in-America.pdf?rlkey=8myi7lo5no47ip4g68zoq3m68&dl=0

    Plugin Author Eli

    (@scheeeli)

    It looks like some kind of JSON log of IP address that might to have something to do with the WPBakery JavaScript at the bottom, but I don’t see any relevance to the hack.

    You have had no new malware on the site since you restored the backup?

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.