Weirds folders in public_html

  • Resolved spanizhfly

    (@spanizhfly)


    4 years, 1 month ago

    Hi,

    Installation of WordPress was straight forward,
    I installed wordpress in a separate (Folder-X) in the public_html
    and have additional index.php outside the (Folder-X) in public_html.
    This is to ensure I have a perfect https://www.mywebsite.com
    instead of with subfolder https://www.mywebsite.com/Folder-X.

    But recently i have been noticing some weird folders in my public_html
    and Google search console detect the folders as Social Engineering (Phishing Threat).
    My WordPress is always updated, including the core, plugins and themes and I’ve used many Firewalls and Security plugins like Bulletproof Security but I can’t resolve, the folder appearing in my public_html, I have go in and delete manually and furthermore my got a red banner by Google.

    I need help, how can avoid the hacker from injecting/execute folder in my public_html?
    any way will be great something like using htacess or any other way, Do help

    Thank you for your kind understanding

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro

    (@aitpro)

    Most website/hosting account hacks have occurred months to years before a website owner realizes their hosting account is hacked. First you need to clean up your hosting account. I created a website/hosting account hack clean up forum topic here > https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

    Plugin Author AITpro

    (@aitpro)

    This is important info as well. Most people think that their website/hosting account is being hacked from an external source each time a hack reappears. This is the most common scenario – a website/hosting account was hacked at some point due to some security vulnerability that existed at one time (plugin, theme, etc.) and was fixed at a later time. Since the source of the original hack still exists then removing/deleting things like “weird folders” appearing does not remove the original hack. Typically a hacker Shell script or some other automated self-creation script (automatically creates files, folders, etc.) has been added somewhere or in many places under the hosting account. What appears to be a new hack such as “weird folders” appearing is actually most likely the result of the original hack that was never removed/cleaned and the hack is occurring/reoccurring internally from your hosting account (hacker Shell script or automated self-creation script) and not from an external source.

    So by doing the steps in the forum link I posted above you will have a 100% clean hosting account as a starting point. If a hack reoccurs then you would look for the PoE (Point of Origin). 99% of the time cleaning up the hosting account removes the original hack and no further hacks occur.

    Plugin Author AITpro

    (@aitpro)

    Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

    Thread Starter spanizhfly

    (@spanizhfly)

    Manage to fix it, I change the Cpanel password and the attack literally stopped. It’s weird but it worked. Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Weirds folders in public_html’ is closed to new replies.