About hack of wordpress install pack

  • Recently,my web service provider told me that there’re some webshell in my website.I didn’t realized what happened.I download some plugins on other website,I think maybe they’re the origin of webshell hack,so I DEL all my website file and dnwload wordpress from www.remarpro.com again.however,after I unzip file,The system told me there’re 11 webshell problem in my website.What’s going on? It’s totally new website ??
    ====================================================
    序号,类型,路径
    1,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/ajax-actions.php
    2,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
    3,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/class-wp-upgrader.php
    4,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/file.php
    5,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/plugin.php
    6,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/theme.php
    7,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/includes/update-core.php
    8,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-admin/update-core.php
    9,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-includes/ID3/getid3.php
    10,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-includes/Text/Diff/Engine/shell.php
    11,疑似PHP后门-建议人工确认,/www/wwwroot/www.mikifuns.com/wordpress/wp-includes/class-wp-http-curl.php

    ==========================================
    So I try wordpress4.9.6 again,but the problem stil there.
    So I try 4.7.It’s done.Why????Is this my problem?or It’s the mistake of your website?Thankyou.
    (scan by https://www.shellpub.com/)

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    OR

    The scanner you’re using is providing false positives. As it seems to be in Chinese, I’m not willing to download and install in on one of my systems.

    Thread Starter Hatsune miki

    (@mikifuns)

    Thanks for your advice.However,I’m a little worried about that Is the zip archive on wordpress still # Offical # You know,I understand maybe this scan system can make mistake but the sitecheck.sucuri.net warring me thak my website have malware today.It make me a little worried.Can you confirm that the archive which provide by www.remarpro.com is safe?

    Thank you all the same and wish you have a nice weekend.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If you download from www.remarpro.com, it’s clean. If an external scan from sucuri is saying your site is compromised, then you did not properly clean up the prior hack.

    If you install Wordfence and have it do a high-sensitivity scan, what does it report?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘About hack of wordpress install pack’ is closed to new replies.