Adminer warning

  • Resolved designreaction

    (@designreaction)


    7 years, 2 months ago

    A recent WF scan of a client’s site brought the following to our attention:

    wp-includes/SimplePie/Content/Type/adminer.php

    The file and its location looks suspicious, I know there’s a plugin called adminer, which we never put on the site and isn’t there now, and the client claims not to have either, so just wondering how this has now appeared.

    Anybody else had any dealings with this before?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

  • See this article for more info:
    https://blog.sucuri.net/2017/08/mining-adminers-hackers-scan-the-internet-for-db-scripts.html

    Thread Starter designreaction

    (@designreaction)

    Thanks bluebearmedia,

    that’s a handy link to look at. I don’t know enough about adminer, never used it.

    So by the sounds of it, they have potentially installed the plugin in the past that they can’t remember, I know the site goes back to 2011, but it is only the past 8 months I have been involved with the project.

    I think it will be best to ensure a backup is in place and remove the file.

    Thanks.

    Hi @designreaction
    I can tell that having a file with the name “adminer.php” which resembles the name of the well-known database management script in one of the core WordPress directories is absolutely suspicious, I highly recommend going through steps mentioned in “How to Clean a Hacked WordPress Site using Wordfence“.

    Thanks.

    Thread Starter designreaction

    (@designreaction)

    Thanks for the link wfalaa, very handy to keep a copy of. I can confirm that I did decide to remove the file as it looked very suspicious.

    I had no experience in the adminer plugin, and the site we took over had been passed around many hosts/developers prior to us, and the site is in quite a mess, so I was unsure if there was any past purpose to the file. But hey, it’s gone now, and the site is still live ??

    Thanks both!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Adminer warning’ is closed to new replies.