
wordpress cloaked hack files

findtim

Top Contributor
i've got a site that's a problem, keeps getting files linking to "nike" chinese sites, i've wordfenced and all clear, i've sucuri and all clear.
but when i try to back it up and download it to search for problems my computer says " F off, i'm not downloading that "
finally got all the files to download and to my surprise there are files at the root that are NOT visible in ftp or cpanel filemanager.
i'm surprised sucuri didn't pick them up but they appear to " not be there " ????
so thus i can't delete them !!!!!!!
i think they are using them as gateways to keep injecting hacks.
has anyone else had this experience ?
the reason i found them was by comparing files from other sites i have with the same "file trees" + they are using ASP files on a php server so it makes it easier to spot.
i haven't been able to find anything on the net to help me.
any advice appreciated
tim
 

chris

Top Contributor
finally got all the files to download and to my surprise there are files at the root that are NOT visible in ftp or cpanel filemanager.

Hi Tim, what do you mean by this bit? If you go into File Manager, do you have the option to view hidden files?
 

findtim

Top Contributor
no, i can't see anywhere to select that option, and i just got a reply from HG which basically is a standard reply which said " tough, pay for sitelock "
they deleted 3 files and listed them to me, they however didn't delete the other 15+ files i discovered and also the cloaked files i discovered.
i uploaded a blank .php file named the same as what i think is causing the damage and it showed up, i didn't get a " do you want to overwrite the existing file" which i felt was weird, and then i deleted the blank file.
so at this moment i can't see it but if i download it downloads, HG are ignoring me and deleting other files, the site is online and working and we are getting orders but google hates me and of course they are not replying to me.
sucuri doesn't pick it up, wordfence doesn't pick it up but i can bloody see it !
frustrated tim
 

petermeadit

Top Contributor
Sounds like your box is owned. I would revoke all access privileges, change all passwords and then watch the log files.
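
The file-tree comparison findtim describes, as an added example that is not part of any post above: it diffs a downloaded copy of the site against a clean copy of the same WordPress tree and reports extra files (dotfiles included), files whose content differs, and ASP-type files on a PHP host. The directory names, the sample files and the `FOREIGN_EXTS` list are constructed assumptions.

```python
import hashlib
import os
import tempfile

# Extensions with no business on a PHP-only host (assumed list; adjust per site).
FOREIGN_EXTS = {".asp", ".aspx", ".ashx", ".jsp"}

def list_tree(root):
    """Return {relative_path: sha256} for every file under root, dotfiles included."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                files[rel] = hashlib.sha256(fh.read()).hexdigest()
    return files

def compare_trees(reference_root, suspect_root):
    """Compare a downloaded (suspect) tree against a known-good reference tree."""
    ref, sus = list_tree(reference_root), list_tree(suspect_root)
    return {
        # Present in the download but absent from the clean tree.
        "extra": sorted(set(sus) - set(ref)),
        # Wrong-platform scripts, wherever they sit.
        "foreign": sorted(p for p in sus
                          if os.path.splitext(p)[1].lower() in FOREIGN_EXTS),
        # Same path, different content (wp-config.php will differ legitimately).
        "modified": sorted(p for p in sus if p in ref and sus[p] != ref[p]),
    }

def demo():
    """Build two small constructed trees in a temp dir and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = os.path.join(tmp, "clean"), os.path.join(tmp, "suspect")
        layout = {
            clean: {"index.php": "<?php // core", "wp-login.php": "<?php // login"},
            suspect: {"index.php": "<?php // core", "wp-login.php": "<?php // changed",
                      "default.asp": "constructed", ".cache.php": "constructed"},
        }
        for root, files in layout.items():
            os.makedirs(root)
            for name, body in files.items():
                with open(os.path.join(root, name), "w") as fh:
                    fh.write(body)
        return compare_trees(clean, suspect)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run it against the extracted backup rather than the live FTP listing, since the backup is where the files were actually visible.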
 
