Hi, after doing an MScan on a client’s Admin, a suspicious PharmHack entry came up in the db. I couldn’t find either of the files the scan said to delete from the theme and root folder, and only one of the eight db option name rows mentioned in the dialog box came up – ftp_credentials, with the value a:3:{s:8:”hostname”;s:9:”localhost”;s:8:”username”;N;s:15:”connection_type”;s:3:”ftp”;} and autoload=Yes
I’m not exactly astute when it comes to editing databases, and I’m a bit thrown off by the fact that instead of just deleting the row when I select it and choose Delete (I’m working in PHPMyAdmin) it loads a page where I can edit each of the “cells” in the row. Do I just remove all the information in each cell – option name, option value, row ID and autoload, and then Save (and/or click “Go”?)?
Also, a scan of wp-includes found an htaccess file in that directory. I’m not sure if the following constitutes the contents of a default BPS .htaccess or not:
<Files *.php>
deny from all
</Files>
<Files wp-tinymce.php>
allow from all
</Files>
<Files ms-files.php>
allow from all
</Files>
Thanks for your help
.
