UNDER ATTACK

  • You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.


cmctina

Member
Jul 1, 2019
95
11
8
All my websites have been infected and now they are fucking me over. I did ask if all themes and files were same from here and I was told yes. I did do checks with virustotal on all but nothing comes up. Now this malware keeps fucking me up.

Can anyone identify this file?

The issue type is: Backdoor:pHP/apies-hex.8825
Description: Hex-encoded apies.org C2 domain, typically found in backdoors

Can I just delete it using Wordfence?
 

wooyihoo

Active member
Babiato Lover
Trusted Uploader
Oct 26, 2020
150
67
28
Put all your websites in Cloudflare to hide the IP address. It's free. Even hackers have put their sites in Cloudflare.

Just a little tip of mine.

Cheers!
 

Niko Nemo

Active member
Trusted Uploader
May 28, 2019
501
225
43
I’d like to suggest a few steps you can take yourself to clean and secure your website after a compromise:


1. Scan with Wordfence and use Wordfence to delete/replace any infected files. Scan with the “High sensitivity” scan type for best results.


NOTE: Before you delete any files, back them up just in case, and take note of when they were last modified. Write their filenames and timestamps down in a text file. This information can be used for tracing how they gained entry; for example, via access logs.


2. Make sure there are no administrator accounts on your site that you have not added yourself. If there are, access your database via phpMyAdmin and check the wp_users table. There, you can take note of exactly when the accounts were created. Add that information to your text file mentioned above. Then, delete the rogue admin accounts, or demote them to “subscriber” while you investigate so that they can’t do any further harm.


3. Change the passwords to your web hosting account, your database, and any remaining legitimate WordPress admin accounts immediately, if you haven’t already done so.


4. Have a look at the WordPress configuration file wp-config.php and your theme’s functions.php file. Inspect these manually to make sure that they look okay. If you are not sure what they should look like, try to find an old backup of the files or a fresh version from WordPress/your theme author to compare them to. Also inspect the .htaccess file in the root of your site to make sure it does not contain any malicious redirects.


5. Look over all your themes and plugins. Delete any themes and plugins that you are not using. Make sure all your plugins are up to date. Remove or replace any themes and plugins that are no longer being updated by their authors.


6. Check the WordPress upload directory to make sure there are no files there that look out of place.


7. Inspect your server’s access logs, which you can usually find in your cPanel or get from your web host. The access logs show every single request made on your site. If you look at the timestamp of infected files to detect when they were created, you may be able to match that up with particular requests in the access logs. If you can identify the first request in a cluster that appears to be involved when files on your site are edited, you may be able to figure out which request is the original culprit. Please note that there can be more than one access point once your site has been infected.


8. Keep an eye on your error logs. When infected files are removed, this can sometimes cause server errors. The error log can give you additional clues as to where infected pieces of code may be residing in your system.


9. You may want to talk to your web host and ask them if they can explain how your site was hacked. They have access to all server information, and are thus able to see things that you can’t see yourself. For example, it does happen occasionally on shared hosting that a site on one account will infect a site on another account.


Here’s a guide that can help with the previous suggestions.


https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

I didn't write this text, it's copied, but it's about the same problem you have, so maybe it will help!
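
The correlation described in the NOTE and in step 7, as an added example that is not part of the original post: it takes the modification times written down for flagged files and lists the access-log requests made shortly before each one, POST requests first. The log lines, file name, IP addresses and the `requests_near`/`correlate` helper names are constructed for illustration; the log is assumed to be in Apache/Nginx "combined" format.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def requests_near(log_lines, file_mtime, window_s=120, skew_s=5):
    """Requests from window_s seconds before the file's mtime up to skew_s
    seconds after it (clock skew). POSTs sort first, then by time."""
    lo = file_mtime - timedelta(seconds=window_s)
    hi = file_mtime + timedelta(seconds=skew_s)
    hits = [r for r in map(parse_line, log_lines) if r and lo <= r["ts"] <= hi]
    return sorted(hits, key=lambda r: (r["method"] != "POST", r["ts"]))

def correlate(notes, log_lines, window_s=120):
    """notes maps file name -> mtime, i.e. the text file kept before deleting."""
    return {name: requests_near(log_lines, mtime, window_s)
            for name, mtime in notes.items()}

# Constructed sample data (documentation IP ranges, invented paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2021:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2021:10:15:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 48 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Mar/2021:10:15:55 +0000] "GET /about/ HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2021:10:16:01 +0000] "GET /wp-content/uploads/cache.php HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Mar/2021:11:30:00 +0000] "GET /contact/ HTTP/1.1" 200 1800 "-" "Mozilla/5.0"',
]
# On a live site, take the mtime from os.stat() before removing the file.
NOTES = {"wp-content/uploads/cache.php":
         datetime(2021, 3, 12, 10, 15, 41, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for name, hits in correlate(NOTES, SAMPLE_LOG).items():
        print(name)
        for r in hits:
            print("  ", r["ts"].isoformat(), r["ip"], r["method"], r["path"], r["status"])
```

Requests from the same address that show up around several flagged files are the ones to trace back to their first appearance in the log, and the window should be widened if the server clock and the log clock disagree.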
 

cmctina

Member
Jul 1, 2019
95
11
8
Is it safe to use Wordfence Pro from here? I need it and can't afford to buy it right now.
 

funguy

Active member
Jul 31, 2020
255
124
43
India
digitalgyan.org
Will it work with Wordfence or do I have to choose?
It will work with Wordfence. I have faced issues with Wordfence, as it would destroy the infected file if the file is not available in the WP repository. On the other hand, GOTMLS deletes only the malicious code, not the file. So, I find it smarter than Wordfence.
Still, have a backup just in case.
 
Reactions: cmctina

pitza

Active member
Dec 13, 2019
332
184
43
Will it work with Wordfence or do I have to choose?
If you're insecure, it will work with the free version of Wordfence too. Just grab it from the WordPress plugin store. I hope you can fix your sites without any issue.
 
Reactions: cmctina

pitza

Active member
Dec 13, 2019
332
184
43
If Wordfence cannot find and fix it, they have info on how

If it's random files on your server outside of your theme and plugins, it might be the easiest to back up your posts and media and kill the server.
 
I have used GOTMLS plugin to fix many hacked websites. Must have a backup before using it.
Good plugin :)
I protect my websites with Sucuri and always update at the right moment, monitor all the websites.
Working for 7 years without any trouble and having like 140+ websites in my management.
Don't use garbage plugins that no one knows. Go on with the big names and keep the plugins count low. Don't install a plugin for every small thing.
 
Reactions: kirk44