Reply To: Malicious files found in wp-content/uploads

Home Forums Support Forum Malicious files found in wp-content/uploads Reply To: Malicious files found in wp-content/uploads


Anti-Malware Admin
Key Master

Your problem is a common one, and I can tell you the basic steps to pin down where this repeated infection is coming from.

Understand that there are two main types of exploits that hackers could use to continually infect your site (internal and external).

An internal exploit is one where there is a vulnerability on your site and the hacker, bot, or automated script is exploiting that vulnerability to infect more files on your site. If this is the case then there will be evidence of this activity in your access_log files. Simply examine the activity recorded in your logs at the exact time that the last infection occurred and you will have your answer (infection times are saved in the Anti-Malware Quarantine). If there is no activity in any of your log files at the times of the last infections then you can assume that these infections are coming in from an outside site, not any of your sites.

The most common kind of external infection is a cross-over infection from another site that is hosted on the same server as your site. Shared hosting server are notorious for having no cross-site security and thus it is extremely easy for hackers who have taken control of one site on a typical shared hosting server to use that site to infect all of the other sites on that same server (even if they are on another user’s account). This type of infection is harder to detect without root access to the server and even harder to prevent, as you will likely not have access to restrict the activities of other users on that server. The best thing you can do in this case is to move your sites to a more secure hosting environment.

Please feel free to let me know if you have any more questions on any of this.