Unknown file in mu-plugins

  • Resolved Kevan Pegley

    (@kevanp)


    5 years, 7 months ago

    I just got this error message when trying to access my site:

    Fatal error: Cannot redeclare ottpq() (previously declared in /var/sites/t/tanamerah.com/public_html/wp-content/mu-plugins/idmqlsou.php:2) in /var/sites/t/tanamerah.com/public_html/wp-content/mu-plugins/idmqlsou.php on line 2
    The site is experiencing technical difficulties.

    I have no idea where the file idmqlsou.php has come from. I have moved it out of the mu-plugins directory (which is otherwise empty) and the site seems to be working fine now.

    Anybody any idea where this spurious .php file came from, and what it might be doing? Doesn’t show up in a forum search—or even a Google search

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Kevan Pegley

    (@kevanp)

    Here’s what is in the idmqlsou.php file:

    <?php
    [malware code redacted]

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter Kevan Pegley

    (@kevanp)

    Thanks. Aargh! Needed more than coffee!

    Anyway I installed WordFence—which has to be one of the best documented plugins I’ve ever used. It found a stack of dodgy php files scattered around my site, plus some spurious code inside my wp-config file, which I excised manually.

    All is now clean, and I’ve changed, and strengthened, my login passwords to the site and the host.

    I did notice — because I received an error message after I’d changed the site admin password — that I’d provide the login details to IFTTT. Maybe I shouldn’t have done that? Anyway, no more. Shame, because I used IFTTT to post on Twitter when I publish a new blog post.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unknown file in mu-plugins’ is closed to new replies.

Tags