lock360.php.zip has been sent. Please check your email. Thanks
A .zip should work, and the email is the same one posted earlier in this thread.
Regards
Hi KGIII,
While waiting for your reply, today all my websites were attacked by a suspected malware, th3_alpha.php, resulting in some of them not working, unable to browse on the Internet. This suspected malware works in the same way as lock360.php before, creating malicious .htaccess everywhere with similar content:
Deny from all
Finally I have to run the following command lines on the cPanel Terminal of my hosting company to find it and delete it:
# find ./ -type f -name "th3_alpha.php"
# find ./ -type f -name "th3_alpha.php" >> /tmp/th3_alpha.txt
# find ./ -type f -name "th3_alpha.php" -delete
This suspected malware works the same way as lock360.php, creating malicious .htaccess on most of the folders under /public_html/ including installed plugins.
I have Wordfence and WP Cerber installed, running on all my websites. But they couldn't filter it. It is very strange to me. How can it get into my /public_html/?
Regards
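Added example, not part of any post in this thread: a triage script for the cleanup described above. It lists the two file names reported in the thread and every .htaccess with an active "Deny from all" line, and moves findings to a quarantine directory rather than deleting them, so the samples stay available for analysis. The function names, the variable DROPPER_NAMES and the script name triage.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the site root is passed as
# the first argument, and the quarantine directory lies outside that root.

# File names reported in the thread.
DROPPER_NAMES="th3_alpha.php lock360.php"

# List files under $1 whose name matches one of the reported names.
find_droppers() {
    for name in $DROPPER_NAMES; do
        find "$1" -type f -name "$name"
    done | sort
}

# List .htaccess files under $1 with an active (uncommented) "Deny from all".
# A legitimate .htaccess can carry the same directive, so review this list.
find_deny_htaccess() {
    find "$1" -type f -name ".htaccess" -exec \
        grep -liE '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' {} + | sort
}

# Move every finding from root $1 to quarantine dir $2, keeping relative paths,
# so the samples stay available for analysis instead of being deleted.
quarantine() {
    { find_droppers "$1"; find_deny_htaccess "$1"; } | while IFS= read -r f; do
        rel=${f#"$1"/}
        dest=$2/$rel
        mkdir -p "$(dirname "$dest")"
        mv -- "$f" "$dest"
        printf 'quarantined %s\n' "$rel"
    done
}

# Report only (no changes) when run as: sh triage.sh /path/to/public_html
if [ -n "${1:-}" ]; then
    find_droppers "$1"
    find_deny_htaccess "$1"
fi
```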
I solved the problem by running the following commands on cPanel Terminal of the hosting company
I went over the file you sent me and found it to be encoded - but not base64, except it claimed to be base64. So, I can't really be sure what it's doing.
What I would do in your position is delete everything first - as in everything. Leave nothing behind and then restore from clean backups with changed passwords for the database and FTP/cPanel. Then, if it's working, I'd install software to secure the site immediately after.
Leave not a single file on the server. Delete them all before restoring.
Hi captain-sensible,
If you want to start a new thread, possibly in "off topic", entitled maybe "linux tools for White Hat testing of webs" - obviously that would then be able to include discussion of W.P, then (with care) some of the vulnerabilities can be discussed. Specific code, which I see no point in perpetuating hacking techniques, could be restricted using this site's direct email system, so as to hide from the public.
Users just joined who obviously haven't got a clue could be excluded.
But for instance I could log in to your site and poke around; or things can be done from a URL using simple "get" requests. functions.php is often a target.
I've got WordPress 5.8 running in localhost and, for instance, some of the tables where W.P stores things include "wp_users"; when I run from the command line
Code: select * from wp_users
I can see one of the admin log user names, not even encrypted. I also know the way that I could get W.P to give me that log name using a tool, if the site does not have the right plugins in place, just using the URL for the site.
The password for that user in the database IS encrypted but that means nothing since hackers just use password lists. That's an example of what could be discussed and then on the +ve steps that could be undertaken to stop attacks.