Cleaning my wordpress website

  • Hey guys

    Nice to come back to you. Hope everyone is fine.
    I’m facing a difficult issue with one of my wordpress websites these days. In fact the website was attacked and i have notices on examining the wordpress files that there is a folder which contains files that are like generated automatically (the folder of course does not belong to my wordpress folders). I tried deleting the folder, no way. I then tried deleting the files batch by batch, but after deleting one batch there were still many more files remaining and i’m sure they are generated automatically.

    I don’t really know how to deal away with this folder and the worst thing is that it is filling my disk space on the domain.

    I’m in desperate need of help please and thanks in advance.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • If you cannot find the shell code being used to add files, it may be the case that the actual webserver itself has been attacked.

    Thread Starter kloesnice

    (@kloesnice)

    Morning te_taipo and thanks for your response

    Exactly as you’re saying, the webserver was attacked. Till date i’ve wrote a great number of mails to the hosting support asking them to help me in cleaning the website’s domain, but there’s never been a response, so i was looking for a way to do it myself.

    Start by taking a series of logical steps in eliminating your own website as the source of the attack. Typical attack vectors target plugins, themes, and sometimes the wordpress core files themselves.

    – Back your website up fully, files and database.
    – Delete all the files in the wordpress root folder, and install a new set of wordpress files.
    – Enter the database credentials into the new wp-login.php in order for your site files to connect to the database (you can find them in your backed up wp-login.php file).
    – Google every plugin you use to see if any of them have been reported to have security vulnerabilities, same goes for themes. Do not reinstall the ones that have been reported.
    – Reinstall the plugins and themes that are safe

    Most of the time this will fix the issue. If not then you need to peruse your database via PHPMYADMIN for malware code entries.

    If there are no issues there, and the problem returns then it is highly likely the webserver itself is allowing directory traversal attacks (google directory traversal attack, also google symlink bypass attack). If your webhost does not give you a good enough response at this point, move your website to professional hosting.

    Thread Starter kloesnice

    (@kloesnice)

    Afternoon t@te_taipo and thanks for your response

    It’s true that i’ve gone through all the steps you’ve listed above unless directory traversal attack and symlink bypass attack googling

    I feel like the only thing i have to do now is changing my hosting provider, hoping that i’ll no more have problems.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Cleaning my wordpress website’ is closed to new replies.