jotabb

Hello,

Thanks you very much to all for your attention and tricks.

I have not seen something anormal with FTP and credencials. My provider too.
I’m still looking for something wrong in database but it’s difficult.

I use Worfence (of course, who saved my site !) and Antimalware by gotmls (who have detected the backdoor in the fake plugin). I have not done the first scan with wordfence after the desinfection by gotmls, so i don’t know if wordfence was able to detect it or not.

But in my tests, i have find something “funny” when i go to “add new plugin”, the first plugins proposed to me, are plugins from “wp-types.com” with the date of update 45 years ago !
Like in “red house” song, “there is something wrong”.

Other thing, i’m a surprised to not find others people with the same infection.

JB

Hello,

Same thing or nearly for me yesterday.
6 admins created (admin, admin1 …..)
From the same adress : 2-76-177-235.clodo.ru
No files in the core modified but a plugin added : “research_plugin_8hfT” with a backdoor script inside.

WordPress 3.9.2 ( now 4.0) and Wordfence updated and working (wordfence has alerted me that a administrator as loggin successfully with the login “admin”…)

My site is not hosted by godaddy.

Will give more details later.

Hello,

I have a problem with 2.0.8 version too.
Imposible to add or modify a event, i have a white page.

Everything else seem to work.

Could you put the link to version 2.0.7 again to see if it is the problem.

Thanks you verymuch