Hi,
Thank you for the response.
My shared hosting provider runs some form of malicious code scans on a regular basis.
Their response to identifying the malicious code in my sql database backups was to disable my Outbound Ports 80, 443, 587 and 465. (Port80 in Cpanel) The site did remain accessible.
The consequence was that Wordfence, Analytics, SEO plugins did not function properly, and the WordPress “Add New” plugins page would not load.
The code in question was found in UA column of the wfHits table. Full text of the entry:
}__test|O:21:”JDatabaseDriverMysqli”:3:{s:2:”fc”;O:17:”JSimplepieFactory”:0:{}s:21:”\0\0\0disconnectHandlers”;a:1:{i:0;a:2:{i:0;O:9:”SimplePie”:5:{s:8:”sanitize”;O:20:”JDatabaseDriverMysql”:0:{}s:8:”feed_url”;s:119:”eval(chr(112).chr(104).chr(112).chr(105).chr(110).chr(102).chr(111).chr(40).chr(41).chr(59));Factory::getConfig();exit”;s:19:”cache_name_function”;s:6:”assert”;s:5:”cache”;b:1;s:11:”cache_class”;O:20:”JDatabaseDriverMysql”:0:{}}i:1;s:4:”init”;}}s:13:”\0\0\0connection”;b:1;}????
I’ll reach out in the “Duplicator” plugin forum to see if there is some way I can disable the creation of the SQL file, as the same SQL file contained in the ZIP file that is also created does not seem to cause issue.
I’m not sure what can be done, or how to work around this yet, but I felt I should share the experience.
Thanks again.
Phil
-
This reply was modified 8 years, 3 months ago by
philrp.