Recurring Obfuscated PHP


This topic contains 1 reply, has 2 voices, and was last updated by Anti-Malware Admin 7 years ago.


    Fred Siver

    Hello Eli,


    We have donated many times to you/your plug-in, and it had been a godsend. Your plugin has found every malicious file we have encountered thus far. With that said, we continue to have an infection with obfuscated PHP showing up in our WordPress files. We have found PHP Backdoors within our WordPress files (ex.: wp-config.php, wp-settings.php, etc.) which create PHP shell scripts in new PHP files, sometimes with plausible names (assumingly to prevent manual deletion), other times with random names; all files have either been infected PHP files, or newly, maliciously created PHP files. I was wondering if you had any idea as to why they continue to regenerate, even when your plug-in says we have repaired all PHP Backdoor files by removing the PHP Backdoor script(s), and deleted the PHP Shell files.

    This is a widespread infection that has infected most of the websites I have in the same cPanel hosted as addon domains.

    Again, I was wondering if you had any ideas as to why my websites continue to be reinfected and/or would be kind enough to look into one of my websites in order to pinpoint the problem.


    Fred Siver


    Anti-Malware Admin
    Key Master

    This sounds like the classic shared hosting conundrum. Most shared hosting servers are wide open to crossover attacks, where a back-door or cron task on one site will infect many or all of the other sites on the server. If you can’t find the root source of the threat on any of your sites then it could be coming from a site on another account and there may not be much you can do about that.

    I suggest switching to another, more secure, hosting environment. I do offer Super Secure Hosting for just such a problem as this and I can guarantee that your sites will not get re-infected on any of my servers. If you are interested in switching to my Super Secure Hosting then you can email me directly and we can discuss your particular hosting needs. If you are going to move to any other hosting providers, I suggest that you spread out your sites on different accounts/servers to minimize the crossover threat and isolate any problems you may bring over to the new server (if you put an infected site on any of my servers it would not be a problem).
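An added example, not part of either post and not the plugin's own code: a sweep over every addon-domain docroot in one hosting account, plus a crontab review, for narrowing down where a recurring reinfection starts. The function names, the obfuscation pattern and the sample tree built by `demo()` are assumptions constructed for illustration.

```python
import os, re, stat, tempfile
from pathlib import Path

# Heuristic marker of obfuscated PHP (assumed here, not the plugin's signatures).
OBFUSCATED = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(")

def scan_account(home):
    """Sweep every site under one hosting account; return findings newest first."""
    findings = []
    for dirpath, _dirs, files in os.walk(home):
        for name in (f for f in files if f.lower().endswith((".php", ".phtml"))):
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    body = fh.read(2_000_000)  # cap memory per file
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            rel = os.path.relpath(path, home).replace(os.sep, "/")
            reasons = []
            if OBFUSCATED.search(body):
                reasons.append("obfuscated-code")
            if "/uploads/" in rel:
                reasons.append("php-in-uploads")  # uploads should hold media only
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")  # other accounts can rewrite it
            if reasons:
                findings.append((st.st_mtime, rel, reasons))
    return sorted(findings, reverse=True)

def cron_lines_to_review(crontab_text):
    """Crontab entries that fetch or execute code; each needs a known owner."""
    pat = re.compile(r"\b(wget|curl|php|base64)\b")
    return [l for l in crontab_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and pat.search(l)]

def demo():
    """Constructed sample: two addon-domain docroots under one account."""
    home = tempfile.mkdtemp()
    samples = {
        "site-a/wp-config.php": (b"<?php eval(base64_decode('ZWNobyAxOw=='));", 0o644),
        "site-b/wp-content/uploads/cache.php": (b"<?php echo 'x';", 0o666),
        "site-b/index.php": (b"<?php require 'wp-blog-header.php';", 0o644),
    }
    for rel, (body, mode) in samples.items():
        p = Path(home, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
        p.chmod(mode)
    return {rel: reasons for _mtime, rel, reasons in scan_account(home)}
```

Running `scan_account` on the account's home directory after each cleanup and comparing the newest modification times across sites shows which docroot is rewritten first; if nothing in the account or its crontab explains the writes, that supports the cross-account explanation given in the reply.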
