Miscellaneous code found

  • Resolved Ruma Dey Baidya

    (@holidaystory17)


    4 years, 3 months ago

    First of all thanks for the great plugin. I have some malware attacks and the plugin did a great job. But as per wordfence still, there is some infection. Can you please help me with this?

    ______

    Filename: site/eanrf.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a\x0a@ini_set(‘error_log’, NULL);@ini_set(‘log_errors’, 0);@ini_set(‘max_execution_time’, 0);

    The issue type is: Backdoor:PHP/keeperpage.913
    Description: A backdoor known as keeperpage

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Eli

    (@scheeeli)

    Thanks,
    I think that the really bad stuff in that eanrf.php file was probably already removed if that code you posted is all that’s in that file. If there is more in there that you didn’t post here then you should send me that file so that I can see why it was missed. If it was one of the files that was already cleaned then you could send me the original contents of that file (found in the Anti-Malware Quarantine if you cleaned that file using my plugin).

    Either way you can probably delete that file just to be sure ??

    Thread Starter Ruma Dey Baidya

    (@holidaystory17)

    My site is working fine now, that’s why cleaned the quarantine files also. I can share the main file, Can you please share your email id?

    Plugin Author Eli

    (@scheeeli)

    Ok,
    For future reference, the Quarantine is just a record of the prior infection so it is completely safe to keep that info in case it might help in future investigations. Also, my email link is on the right of the Anti-Malware Settings page in your wp-admin but you can send me that file at this address ??
    eli AT gotmls DOT net

    Thread Starter Ruma Dey Baidya

    (@holidaystory17)

    Thanks, the file has been sent on your mail id.

    Plugin Author Eli

    (@scheeeli)

    Thanks for sending me that file. There was a lot more that that file then I thought. It turns out this was a new variant of an old threat which I have now updated in my definition. Please download the latest definition update and run the Complete Scan again to find and fix this threat using my plugin.

    Thread Starter Ruma Dey Baidya

    (@holidaystory17)

    Thanks, it works great. You are doing a wonderful job. thanks again.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Miscellaneous code found’ is closed to new replies.