Cleaned Site – Strange issue

Home Forums Support Forum Cleaned Site – Strange issue

This topic contains 1 reply, has 2 voices, and was last updated by  Anti-Malware Admin 7 years, 3 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • January 5, 2017 at 10:02 am #1744

    Nick Murray
    Member

    I cleaned a customers site and locked down the site with a firewall plugin etc reset DB passwords.  Your plugin found a backdoor and 2 known issues.  I cleaned all of those and further scans show nothing.  The original issue the user noticed was bogus posts that were published.  I was able to remove all of them, however currently about ever couple hours a handfull of blank posts are creating as drafts, no content and the titles are taken from other posts.  Wondering if anyone has run into something like this, running out of ideas.

    January 5, 2017 at 11:21 pm #1745

    Anti-Malware Admin
    Key Master

    If those new drafts are not being generated by a local script (might not even be in the site directory, look for php files in the user’s home directory and check for cron jobs), then it could be a direct SQL injection using your DB credentials, otherwise it might also be entered from an admin’s local PC that is infected with a BHO or XSS exploit.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.