Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#57910 closed defect (bug) (invalid)

ISP Audit

Reported by: nickh01
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: General
Keywords:
Focuses:
Cc:

Description

Hello
My ISP recently ran an audit on their system and the following email was received:

Hi Nick,
During a recent audit of our servers for malware the following files were found in your account that we believe may constitute a risk. Please investigate at your earliest convenience and remove any malware, upgrade any software installed (e.g. WordPress) or plugins. If these files are encrypted or for a legitimate reason or you believe they are a false positive then please reply to this ticket letting us know what the files do so we can add a security exception for them if necessary.
Files flagged by our report:
/home2/nhintcom/public_html/wp-admin/options-reading-xml.php
/home2/nhintcom/public_html/wp-content/plugins/index.php
/home2/nhintcom/public_html/wp-content/themes/index.php
/home2/nhintcom/public_html/wp-content/uploads/2014/index.php
/home2/nhintcom/public_html/wp-copy.php
Note: If you are unsure what these files do please contact your software vendor to confirm that these files should be encrypted.
Kind regards,
BetterWebSpace
You can follow us on Twitter (http://www.twitter.com/BetterWebSpace) or Facebook (http://www.facebook.com/BetterWebSpace)

Please can you let us know what the outcome is?

Regards
Nick Harness

Change History (1)

#1 @SergeyBiryukov
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi there, welcome to WordPress Trac! Thanks for the ticket.

I'm sorry to hear you are having an issue with your website.

These files are not a part of WordPress core and should not generally be present:

/home2/nhintcom/public_html/wp-admin/options-reading-xml.php
/home2/nhintcom/public_html/wp-content/uploads/2014/index.php
/home2/nhintcom/public_html/wp-copy.php

These files should be present:

/home2/nhintcom/public_html/wp-content/plugins/index.php
/home2/nhintcom/public_html/wp-content/themes/index.php

but should be exactly 28 bytes in size, with a single comment:

<?php
// Silence is golden.

and should be flagged if they contain anything else.

It appears that the site was hacked and some malicious files were uploaded.

Please note that this Trac is used for enhancements and bug reporting for the WordPress core software, not for individual support questions.

This article might be helpful: FAQ My site was hacked. Please try the support forums if you need any further help with your site.

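The placeholder check described in the comment above, written out as an added example (not part of the ticket and not WordPress code). The function name `audit` is hypothetical, and listing every PHP file under wp-content/uploads is an assumption generalized from the flagged uploads/2014/index.php.

```python
import sys
from pathlib import Path

# The exact 28 bytes quoted in the comment above (LF line endings).
PLACEHOLDER = b"<?php\n// Silence is golden.\n"
# The two placeholder files the comment says should be present.
PLACEHOLDER_PATHS = ("wp-content/plugins/index.php", "wp-content/themes/index.php")


def audit(root):
    """Return sorted (relative_path, finding) tuples for a WordPress document root."""
    root = Path(root)
    findings = []
    for rel in PLACEHOLDER_PATHS:
        path = root / rel
        if path.is_symlink() or not path.is_file():
            findings.append((rel, "missing or not a regular file"))
            continue
        data = path.read_bytes()
        if data == PLACEHOLDER:
            continue
        # A CRLF copy changes the size but not the meaning; report it apart
        # from a file that carries extra code.
        if data.replace(b"\r\n", b"\n") == PLACEHOLDER:
            findings.append((rel, f"line endings differ ({len(data)} bytes)"))
        else:
            findings.append((rel, f"unexpected content ({len(data)} bytes)"))
    # Assumption: uploads holds media only, so any PHP there is listed for review.
    uploads = root / "wp-content" / "uploads"
    if uploads.is_dir():
        for path in uploads.rglob("*"):
            if path.is_file() and path.suffix.lower() in (".php", ".phtml", ".phar"):
                findings.append((path.relative_to(root).as_posix(), "PHP file under uploads"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/public_html
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, finding in results:
        print(f"{rel}: {finding}")
    sys.exit(1 if results else 0)
```

A finding is a prompt to inspect the file, not proof of compromise; a clean result says nothing about files outside these paths.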