chlopez1982

Sucuri just finished cleaning my website. Here’s their response:

I’ve just finished working on your case and clean now.
We’ve analyzed all your websites.

The following files were cleaned, hardened, or removed:

CLEARED: Found malware on file: wp-content/uploads/assignments/some.php. Details: php.backdoor.file_put_contents.001
CLEARED: Found malware on file: wp-content/uploads/assignments/some.php_1. Details: php.backdoor.file_put_contents.001

—

I believe that is the LearnDash LMS plugin’s folder. Not sure though!
Chris

Hi Everyone,

Posting for future readers.

Tobias is correct it was NOT a TablePress issue. Regardless, he promptly responded to my email and helped point me in the right direction.

Great support from him! Thank You Tobias!

I have 8 websites in my hosting account and all 8 get infected. Rather than trying to remove them, I restored my entire account.

Chris

Update:

It appears it has not only infected my one website, but my entire server. Other websites, even without this plugin installed, has this code injected into it.

Thanks

Hi Tobias,

Was this code injected: <script src=’https://cdn.examhome.net/cdn.js?ver=1.0.5&#8242; type=’text/javascript’></script>

I’ve been fighting the last few hours determining where that came from on my website.

Was that on your plugin end or something on my website? Thank you

It doesn’t appear to be a browser cache issue. I’ve tried it on different browser and computers… I’ve been doing testing and development work with my programming team for just under 10 years. I know how to clear a cache. None of the settings are saved and passed through to the website.