Files weren’t Quarantined
- This topic has 2 replies, 2 voices, and was last updated 1 year, 7 months ago by AITpro Admin.
Terry (Participant)
I have a number of sites that used to run InstaBuilder, InstaTheme and InstaMember. Although most had those plugins deactivated, it appears that hackers figured out how to use them to add files to the hosting accounts. I have deleted them on all but one site, but my concern is why didn’t BPS Pro quarantine these files. These attacks took place in the past week. I also have a customer that had her site blacklisted by Google for the same attacks, and yes, she had InstaBuilder. All the Insta products have not been maintained for several years after the death of the creator of them, so I have been advising everyone to replace with others. My concern is again how did they get on my sites with BPS Pro not quarantining them. Here is a short example. You can see they created one folder called “-” and another, a plugin folder, called “askim”.
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/-/index.php | SMW-BLKH-115527-php.phish.auto83 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-admin/includes/admin-post.php | SMW-BLKH-115629-php.bkdr.wshll.auto94 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-content/plugins/askim/cache/ws.php | SMW-BLKH-115629-php.bkdr.wshll.auto94 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/-/manage/index.html | SMW-BLKH-132226-html.phish | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/-/block3.php | SMW-BLKH-1426632-php.phish.autoast | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-content/plugins/askim/cache/2.php | SMW-BLKH-1500778-php.tool.drpr.wp | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-content/plugins/askim/cache/xe.php | SMW-BLKH-19459-php.bkdr.wshll.auto94 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-content/plugins/askim/cache/up.php | SMW-INJ-13278-php.tool.upld-10 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-post.php | SMW-INJ-13278-php.tool.upld-10 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/-/function.php | SMW-INJ-17202-php.spam.drwy-3 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/lock360.php | SMW-INJ-19867-php.bkdr.remote-0 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-comements-post.php | SMW-SA-04922-php.tool.upldr-2 | Infected
August 29, 2022 5:07 AM | gcspecial | /home/gcspecial/public_html/wp-content/plugins/askim/cache/up1.php | SMW-SA-04922-php.tool.upldr-2 | Infected
AITpro Admin (Keymaster)
I’d have to investigate your hosting account to give you any sort of answers. Contact me directly at: info@ait-pro.com.
AITpro Admin (Keymaster)
The BPS free plugin was installed on the site/hosting account that I checked. I have installed BPS Pro on that site. Since BPS Pro was not installed then AutoRestore was not installed. I didn’t find anything suspicious or malicious under this hosting account. I also ran an MScan scan and MScan did not find anything malicious.