Jili fc slot no deposit bonus philippines.Enjoy Free 888+200 Daily Legal Bonus

theresaf1
(@theresaf1)

4 years, 7 months ago

My client said someone went to the website I installed I-Themes Security on (after they called about this) and it said they have a virus. I logged in and it was redirecting to the Flash Player con that we all know to get us to install Flash, but this does not happen all the time. Since the install of the Security plugin, I got the below message. Please let me know if this is an issue, as I ran a malware and it says the site is clean so not sure. Any smart people able to help? Also, the site is only for information with no users, etc other than me updating their info fyi. See below –

Module File Change
Type Warning
Description 0 Added, 1 Removed, 1 Changed
Timestamp 2020-08-01 16:59:20
User
URL WP-Cron Scheduled Task
Changed
wp-includes/class-wp-http-netfilter.php
Removed
wp-admin/css/.default
Added
Total Memory 57.64 MB
Memory Used 5.46 MB
Raw Details
Hide Raw Details

id => 343
module => file_change
type => warning
code => changes-found::0,1,1
timestamp => 2020-08-01 16:59:20
init_timestamp => 2020-08-01 16:59:19
remote_ip => 107.180.125.172
user_id => [empty string]
url => wp-cron
memory_current => 52138776
memory_peak => 58863408
data => Array
added => Array()
removed => Array
wp-admin/css/.default => Array
d => [integer] 1596209299
h => c34e801effbb22ae03f3ba0f15a1283b
t => r
s => [integer] 1
p => WordPress Core v5.4.2
changed => Array
wp-includes/class-wp-http-netfilter.php => Array
d => [integer] 1596299070
h => d300e83971b3d42edb38b47598832cb1
t => c
s => [integer] 1
p => WordPress Core v5.4.2
memory => [double] 5.46
memory_peak => [double] 57.64

Viewing 10 replies - 1 through 10 (of 10 total)

nlpro
(@nlpro)

4 years, 7 months ago

Despite the malware scan result (which is known not to be 100% reliable), the File Change Detection scan result clearly indicates there are changes being made in WordPress core files which cannot be attributed to legal activities. In other words the site is definately compromised and needs to be cleaned up.

To prevent any confusion, I’m not iThemes.

beardedginger
(@beardedginger)

4 years, 7 months ago

Hi,

I would also like to add that the plugin will only inform you of changes made (if modules are enabled) but it does not have the capability to inform you of any issues in regards to those changes.

Thanks,

Matt

Thread Starter theresaf1
(@theresaf1)

4 years, 7 months ago

I see what is happening. Wondering if you guys can help with input. I have shared hosting on Go Daddy and know they will charge a lot. The person that was working for me did not properly protect these sites, even though I paid her.

That said, I keep deleting a text file in cgi-bin. The file keeps repopulating itself. I see all the redirects in there… what can I do, as I notice this on more than one site. Please assist with any input. I tried to delete lines of code in the htaccess file but still repopulated. This must have been injected prior to installing I-Themes Security.

Thank you!

Thread Starter theresaf1
(@theresaf1)

4 years, 7 months ago

What I noticed is that the line of code that keeps changing had the permissions set for anyone to “write”. So it said the world can both “read” and “write” to that file, so I turned off “write” and so far the “default” file with all the malicious code was not reinserted into the folder cgi-bin. I notice this on another site and will see if deleting the folder cgi-bin stops that for fun, but hopefully I fixed this? Any input appreciated!!! What was happening, is my client’s site would redirect to different spam sites, but not all the time, sporadically!

Thread Starter theresaf1
(@theresaf1)

4 years, 7 months ago

Well, just looked, and it is re-added to cgi-bin folder again. Dang… help!

nlpro
(@nlpro)

4 years, 7 months ago

Once your site is hacked it’s probably better to post in a more appropriate support forum.

You’ll find one and usefull info in the FAQ My site was hacked post.

Thread Starter theresaf1
(@theresaf1)

4 years, 7 months ago

So, I deleted the cgi-bin folder, and then went on my security program, and did a bunch of extra security features. They are having a hard time finding the file now. Is there a way to block all IP Addresses other than mine from accessing the data on my server. Anyone know? There is no reason that any IP addresses should want access to my server other than my security program and the few trusted folks I allow access. Thoughts?

nlpro
(@nlpro)

4 years, 7 months ago

Unsubscribed…

ontheroad
(@ontheroad)

4 years, 3 months ago

Any update on this?

mehmet061
(@mehmet061)

4 years, 1 month ago

Hi,

The same problem happens on my website. I delete the file, then file abandonment occurs.

Unknown file in WordPress core: wp-includes/class-wp-http-netfilter.php
Type: File

Filename: wp-includes/class-wp-http-netfilter.php
File Type: Core
Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Security Breach?’ is closed to new replies.