Site hacked but scan clean (MailPoet hack)??

Home Forums Support Forum Site hacked but scan clean (MailPoet hack)??

This topic contains 0 replies, has 1 voice, and was last updated by  Anonymous 5 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • March 16, 2019 at 2:48 am #2250

    Anonymous

    I have been targeted a couple of time and i believe it relates to the Mailpoet hack although i could be wrong (i’ve never had Mailpoet).

    It happened a few weeks ago and a theme was installed and a new user was added called Jakonda. Files were modified and spam was added to the website.

    I changed passwords, deleted the theme and user and tried to clean the files and installed Wordfence.

    The same thing has just happened again but this time it deleted the Wordfence install.

    I have checked the server logs and this is what shows each time:

    [15/Feb/2019:12:07:56 +0000] “POST /wp-admin/admin-post.php?page=wysija_campaigns&action=themes HTTP/1.1″ 200 20 “-” “Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0)

    from then various plugins are installed eg:

    [15/Feb/2019:12:08:23 +0000] “POST /wp-content/plugins/cherry-plugin/admin/import-export/upload.php HTTP/1.1″ 404 6238 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0)

    I have ran your scan but nothing is found.

    How can i ensure that this is dealt with?

    I can send the full server logs if it will help more?

    Kind regards

    Scott

  • Author
    Posts
Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Comments are closed.