Files weren’t Quarantined

  • #42085
    Terry
    Participant

    I have a number of sites that used to run InstaBuilder, InstaTheme and InstaMember. Although most had those plugins deactivated, it appears that hackers figured out how to use them to add files to the hosting accounts. I have deleted them on all but one site, but my concern is why didn’t BPS Pro quarantine these files. These attacks took place in the past week. I also have a customer that had her site blacklisted by Google for the same attacks, and yes, she had InstaBuilder. All the Insta products have not been maintained for several years after the death of their creator, so I have been advising everyone to replace them with others. My concern is again how did they get on my sites with BPS Pro not quarantining them. Here is a short example. You can see they created one folder called “-” and another, a plugin folder, called “askim”.

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/-/index.php
    SMW-BLKH-115527-php.phish.auto83 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-admin/includes/admin-post.php
    SMW-BLKH-115629-php.bkdr.wshll.auto94 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-content/plugins/askim/cache/ws.php
    SMW-BLKH-115629-php.bkdr.wshll.auto94 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/-/manage/index.html
    SMW-BLKH-132226-html.phish Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/-/block3.php
    SMW-BLKH-1426632-php.phish.autoast Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-content/plugins/askim/cache/2.php
    SMW-BLKH-1500778-php.tool.drpr.wp Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-content/plugins/askim/cache/xe.php
    SMW-BLKH-19459-php.bkdr.wshll.auto94 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-content/plugins/askim/cache/up.php
    SMW-INJ-13278-php.tool.upld-10 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-post.php
    SMW-INJ-13278-php.tool.upld-10 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/-/function.php
    SMW-INJ-17202-php.spam.drwy-3 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/lock360.php
    SMW-INJ-19867-php.bkdr.remote-0 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-comements-post.php
    SMW-SA-04922-php.tool.upldr-2 Infected

    August 29, 2022 5:07 AM gcspecial
    /home/gcspecial/public_html/wp-content/plugins/askim/cache/up1.php
    SMW-SA-04922-php.tool.upldr-2 Infected

    #42086
    AITpro Admin
    Keymaster

    I’d have to investigate your hosting account to give you any sort of answers. Contact me directly at: info@ait-pro.com.

    #42087
    AITpro Admin
    Keymaster

    The BPS free plugin was installed on the site/hosting account that I checked. I have installed BPS Pro on that site. Since BPS Pro was not installed, AutoRestore was not installed. I didn’t find anything suspicious or malicious under this hosting account. I also ran an MScan scan and MScan did not find anything malicious.
