Possible infected file quarantined

Home Forums BulletProof Security Pro Possible infected file quarantined

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • January 27, 2016 at 3:14 am #27933
    Zsolt Edelényi
    Participant

    I just activated a BPS Pro in a new site. Since then every 15 mins there is a file in quarantine. The same file: …/wp-admin/includes/last_update.txt. The file itself contain the full domain name. What do you think? Is it a begginning of a hack or something else? I found two infected files: admin/includes/class-fud.php and wp includes/canonical.php. The date of these files are equal to my first order in my woocommerce shop. Do you have any idea how it is possible? Woocommerce plugin is activated from the offical website: https://wordpress.org/plugins/woocommerce/ The most important question: what to do now?

    January 29, 2016 at 10:52 pm #27999
    Zsolt Edelényi
    Participant

    [Topic has been merged into this relevant Topic]
    Recently I have many core files of WP core. Is it possible that there is a background-update? I compared a few files to the original one, but I could not find hacker code, but a few changes.
    This is the current list of updated files:

    lass-wp-screen.php
    screen.php
    users.php
    postbox.js
    common.min.js
    common.js
    postbox.min.js

    I can send you the server log of that time of files quaranteened. Do you have any idea what this means? How these files get into my WP core?

    January 30, 2016 at 8:41 am #28017
    AITpro Admin
    Keymaster

    Sorry for the late reply.  We did not get an email notification about this new forum topic.  Send the files to:  info at ait-pro dot com so we can look at the files to see if they contain hacker code.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.