Weird Folder appear in WP installation

  • Hi,

    One of the most reliable plugin I would say it’s iThemes.

    I have a unique issue, where I notice weird folders are in my WP installation.
    I believe with current iThemes setting it’s impossible for the intruders to create
    a file or folder.

    Do advice, do I have to change any setting on the site’s plugin or
    use a htaccess to prevent any creation of files or even execution.

    Thank you for your kind understanding. Urgent help is needed

Viewing 8 replies - 1 through 8 (of 8 total)

  • I have a unique issue, where I notice weird folders are in my WP installation.

    Can you provide some (weird) folder name examples ?

    Anyway sometimes the Hosting Control Panel software (like Plesk) creates folders/files. Nothing weird usually but it’s worth contacting your hosting and hear what they have to say.

    To prevent any confusion, I’m not iThemes.

    Thread Starter spanizhfly

    (@spanizhfly)

    Hi @nlpro

    The files name are below:
    /file/password/index.php
    /file/style.css
    /file/index.php
    /file/send.php
    /file/error_log
    /file/Docusign200002.zip
    /file1/password/index.php
    /file1/style.css
    /file1/index.php
    /file1/send.php

    It’s appearing after a lockout notification.
    I need help

    Ok, and can you post what is in the /file/password/index.php and /file/send.php files ?

    • This reply was modified 4 years, 3 months ago by nlpro.
    Thread Starter spanizhfly

    (@spanizhfly)

    Hi @nlpro

    I deleted the files,
    After this files appear my site, It was blacklisted in Phishtank,
    I remove those and it was whitelisted.
    Every time this file appears, I can see series of lockout reported
    by iThemes, but the files are not logged in iThemes.

    I’m looking for ways to prevent hackers
    to drop files in my WP core folder.

    Thank you

    • This reply was modified 4 years, 3 months ago by spanizhfly.

    Yes, that file certainly looks malicious.

    The iThemes Security plugin is just a tool to strenghten your WordPress site security. Using it is no guarantee your site will never get infected.

    For example, if you decide to install a nulled (premium) plugin from a questionable source, chances are it will infect your site with malware.
    Please don’t misunderstand, I’m not saying you did this. It’s just an example.

    But it is an example, where running the iTSec plugin will not prevent your site from getting infected. There are plenty more examples out there.

    Read the FAQ My site was hacked post on www.remarpro.com. It might help you. Good luck;-)

    If you require no further assistance please mark this topic as resolved.

    Thread Starter spanizhfly

    (@spanizhfly)

    Hi @nlpro,

    I’m still stuck,

    I have to daily go and delete the file manually.

    of course i’m not using a null version, that more risky
    than anything else on the planet but I do understand your point of view.

    Do you have any idea, that I can block hacker from inserting files on the main Wp folder?

    Please do advice or I really need help

    What you need is assistance in analyzing/cleaning a hacked site. But that’s not what this iTSec plugin forum is for.

    So follow the recommendations in the FAQ My site was hacked post on www.remarpro.com … or contact a company specialized in cleaning hacked sites. Through log analysis they will probably be able to identify the vulnerability which allows the hacker to re-infect the site.

    These are highly specialized skills you won’t find in this forum.
    I hope this helps you get back on track ;-j

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Weird Folder appear in WP installation’ is closed to new replies.