Weird /zz directory in my wp-content folder

  • I am noticing in my wp-content folder I am seeing a weird directory randomly appear. I am also seeing it in my plugins directory occasionally. wp-content/zz & wp-content/plugins/zz…

    If i browse into this /zz folder i find exact copies of my plugins directory. A quick google search of “wp-content/zz” will show quite a few results of other sites that seem to have this same issue.

    I am not noticing this problem on every wordpress site i administrate or have designed, only a certain few, I have cross referenced plugins on the sites where i do see this phenomenon and have found no relation. Also I have crossed referenced plugins on other sites that have this issue and have found no relation there either.

    I don’t have weird permissions set on these directories to the best of my knowledge, but I am beginning to think that whatever is causing this zz folder to appear it is malicious. Has anyone out there heard of this or noticed the same thing on their site?

    Also I have deleted this directory only to have it reappear a few days later. Any help is appreciated

Viewing 7 replies - 1 through 7 (of 7 total)

  • I see it in google, on sites that are running older versions of wordpress, 2.7 is the newest Ive found yet with that, and sites using the podpress plugin.

    So .. what say you to above?

    finally found one thats not using podpress

    Thread Starter i_know_god

    (@i_know_god)

    Well I can tell you on my site that I am not using podpress and I’m running latest version of wordpress (2.7.1). I see no correlation between sites that have this problem and the plugins they have installed. I havent been able to find any connection.

    Thanks for the reply, hope you come up with something.

    Thread Starter i_know_god

    (@i_know_god)

    bump, no one will see this on page 11!

    I found the same folders on wp installations where the wp-content folder was set to 777 – it seems this is an exploit and you can prevent it by setting 755 to wp-content

    any fixes for this problem? I couldn’t find one.

    I got that too on all of mz WP installs. Basically, what I did was to set chmod 755 for the wp-content directory and, for now, it’s not back. Still, I believe that must be a WP vulnerability. Most probably, most of us set chmod 777 for wp-content so we shouldn’t set it to all theme folders we want to modify within the WP theme editor. That’s the reason I did that.

    So, first of all, you should set chmod 755 to your wp-content directory, erase the folders called “zz”, “…”, “upload” and “images” (these 4 directories appeared in my wp-content – remember, don’t erase “uploads”, but “upload”, without the “s”, otherwise you’ll lose all the files you’ve uploaded before). Just as well, erase “cache” and the “js_cache” inside “uploads”.

    Hopefully, after setting chmod 755 you won’t have any other problems. By the way, all my WP versions are 2.7.1. And there are a few, I can tell that.

    Get the same thing happening to me. Very strange. Also see “…” directories created.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Weird /zz directory in my wp-content folder’ is closed to new replies.