Now and then hacked

  • Resolved jaroslawistok

    (@jaroslawistok)


    4 years, 7 months ago

    I don’t know but somehow is my site hacket and I see in browser:

    action=activate&plugin=gotmls%2Findex.php&plugin_status=all&paged=1&s&_wpnonce=8cd617fab6

    Not even plugin details popup is not to see, instaed:

    tab=plugin-information&plugin=gotmls&

    I renamed plugin via ftp than renamed it back but an’t activate.

    What could I do Eli?

    Uploaded again can’t be activated:

    action=activate&plugin=gotmls_%2Findex.php&plugin_status=all&paged=1&s&_wpnonce=0859695980

    MAIL from provider:

    * Malware URL(s)
    URL: hXXp://istok[.]de/wp-content/payment/sy4xzx9levp/rial8301054656767v0qexwt3jg/
    Proof: https . urlhaus.abuse.ch/url/435467

    No plugin can be activated even if I deleted this “payment” folder ??

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Eli

    (@scheeeli)

    If I understand you right, you are saying that once you delete the malicoius code in the “payment” folder then you are unable to activate any plugins (not even mine). Can you send me a screenshot of the error you get?

    Can you check the error_log file on your server after trying to activate a plugin so that you can see the cause of this new error?

    Thread Starter jaroslawistok

    (@jaroslawistok)

    Thank You Eli. I had to work quickly so I somehow got this all to work via backup.
    I just don’t know how this first occurs ??

    Thanks for now!

    Plugin Author Eli

    (@scheeeli)

    ok, well, if it happens again then just send me a screenshot of the error message so that I can assist you better.

    Thread Starter jaroslawistok

    (@jaroslawistok)

    Thank You Eli. I am afraid because I sometimes get email failures thet an email could not be sent for example from

    [email protected] to [email protected], [email protected]

    mostly even from [email protected] which is my domain but there is no such address created by me. I ave no clue if it is from wordpress or somehow from my computer?
    Do you maybe have idea how to find it out? Your plugin has found nothing.

    Plugin Author Eli

    (@scheeeli)

    You need to look in the headers of the emails to see where they are being sent from. Anyone can send emails and say that it’s coming from your address (or a variation on your address).

    You can also create SPF, DKIM, and DMARC Records in your Domains DNS so that other malicious senders get rejected while your messages get approved. You may need to read up on how to do that and you’ll want to coordinate with your host to get the right IPs and matching keys for those records.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Now and then hacked’ is closed to new replies.