• Resolved maartenpb

    (@maartenpb)


    Hello,

    We are currently facing some issues on our webserver and it seems to infect some websites. The problem is as follows:

    In our “public_html” folder there is a folder and a file that keep regenerating, whatever we do. Delete, change permission, change file, delete with WordFence etc. etc. The file name is “toggige-arrow.jpg” located in a regenerated folder called “images”.

    This file, disguised as an image, contains a lot of decrypted code. Somehow this file is connected to the index.php file, where it adds another decrypted line of code. Both files “index.php” and toggige-arrow.jpg can’t be changed or deleted.

    Because our website is in quarantine, there are no open connections via SSH or whatsoever. It seems that it happens on the website itself.

    Is there any way we can fix this? Thank you in advance.


Viewing 1 replies (of 1 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @maartenpb,

    Please run a scan with Wordfence and use it to delete/replace any infected files. Scan with the High Sensitivity scan type for best results. You can update this setting at Wordfence > Scan > Scan Options and Scheduling > High Sensitivity. Make sure to back up your site files before deleting anything.

    As a rule, any time I think someone’s site has been compromised, I also tell them to update their passwords for their hosting control panel, FTP, all WordPress admin users, and database. Make sure to do this.

    You should also update all plugins and themes, and ensure that you’re running the latest version of WordPress core.

    We have the following checklist for site admins to clean sites: https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/  Additionally, you might find the WordPress Malware Removal section in our Learning Center helpful: https://wordfence.com/learn/ 

    If you are unable to clean this on your own, there are paid services that will do it for you. Wordfence offers one and there are others. Regardless of whether you choose to clean it yourself or let someone else do it, we recommend that you make a full backup of the site beforehand.

    Thanks,
    Margaret

  • The topic ‘“toggige-arrow.jpg” file regenerates’ is closed to new replies.
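
A triage check for the symptom reported in this thread (a file with an image extension that holds code), added here as an example; it is not part of the thread and is not Wordfence's scanner. The function names, the `bad-magic` / `php-tag` labels and the sample files are constructed for illustration.

```python
import os
import tempfile

IMAGE_MAGIC = {  # well-known leading bytes of common image formats
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
PHP_TAG = b"<?php"

def inspect_image(path):
    """Return the reasons an image-named file does not look like an image."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not data.startswith(IMAGE_MAGIC[ext]):
        reasons.append("bad-magic")   # header does not match the extension
    if PHP_TAG in data.lower():
        reasons.append("php-tag")     # PHP open tag anywhere in the file
    return reasons

def scan_webroot(root):
    """Walk root; map relative path -> reasons for each suspicious image file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in IMAGE_MAGIC:
                full = os.path.join(dirpath, name)
                reasons = inspect_image(full)
                if reasons:
                    findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Scan a temporary web root holding three constructed sample files."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,             # image header only
        "fake.jpg": b"<?php /* placeholder */ ?>",                   # no image header
        "photo.jpg": b"\xff\xd8\xff\xe0<?php /* placeholder */ ?>",  # header, then code
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        for name, body in samples.items():
            with open(os.path.join(root, "images", name), "wb") as fh:
                fh.write(body)
        return scan_webroot(root)

if __name__ == "__main__": print(demo())
```

Call `scan_webroot()` on a copy or backup of the site directory; a finding is a lead for manual review, and the check does not identify what recreates the file.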