Site hacked


This topic contains 2 replies, has 2 voices, and was last updated by Anti-Malware Admin 1 month, 2 weeks ago.

  • #128249

    Hello Community,

    I found today that my WordPress site was hacked. GOTMLS is running.
    What I found was:
    1. load.php was changed
    2. there was a .aaaaa.css file in iclues/sodium/src
    3. wp-config was changed.
    4.
    At the time the files were changed, I find this in the access log:
    85.214.41.226 – – [08/Jun/2024:00:18:49 +0000] “POST /?qLDzA=pMU HTTP/1.1″ 200 58980 “http://xxxxxxx” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.183” 1240 63620209.61.197.16 – – [08/Jun/2024:00:19:01 +0000] “POST /wp-content/plugins/shortpixel-image-optimiser/res/img/bulk/style.php HTTP/1.0” 200 121 “http://amazon1.org/” “Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1” 9969 3914207.180.204.122 – – [08/Jun/2024:00:19:02 +0000] “POST /?Dawk=dHI HTTP/1.1″ 200 103 “http://xxxxxxxx/” “Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1” 1248 4046146.255.83.74 – – [08/Jun/2024:00:19:03 +0000] “POST /?vRRIU=QRNI HTTP/1.1″ 200 56 “http://xxxxx/” “Mozilla/5.0 (iPhone; CPU iPhone OS 15_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Mobile/15E148 Safari/604.1” 24284 3998

    I stupidly deleted the files :-(

    I could not do a GOTMLS scan …  I found the malicious files through a code profiler.

    Do you have any idea how I can find how these were uploaded?
    THX Niels

    #128259
    #128592

    Anti-Malware Admin
    Key Master

    Thanks for sending me this new malicious code. I have added this new variant to my definition updates so that it can now be found and fixed with my Anti-Malware plugin.

    Please let me know if you find any more or if you continue to have repeated infections.
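
The log review described in the first post (looking at requests made around the time the files changed) can be scripted. This is an added example, not part of the original posts or of the Anti-Malware plugin; the function name `triage`, the two patterns, the five-minute window and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# POST straight to a PHP file under wp-content (plugins, themes, uploads)
PHP_IN_CONTENT = re.compile(r'^/wp-content/.+\.php$', re.I)
# POST to the site root with one short letters-only key=value pair
ODD_ROOT_QUERY = re.compile(r'^/\?[A-Za-z]{2,8}=[A-Za-z]{2,8}$')

def triage(lines, changed_at, window=timedelta(minutes=5)):
    """Return (time, ip, target, reason) for flagged POSTs near changed_at."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log entry in the expected format
        ip, ts, method, target, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method != "POST" or abs(when - changed_at) > window:
            continue
        path = target.split("?", 1)[0]
        if PHP_IN_CONTENT.match(path):
            reason = "POST to PHP file under wp-content"
        elif ODD_ROOT_QUERY.match(target):
            reason = "POST to site root with short random-looking query"
        else:
            continue
        hits.append((when, ip, target, reason))
    return sorted(hits)

# Constructed sample lines (documentation IP ranges, hypothetical plugin path).
SAMPLE = [
    '192.0.2.10 - - [08/Jun/2024:00:18:49 +0000] "POST /?aBcDe=xYz HTTP/1.1" 200 58980 "-" "UA"',
    '198.51.100.7 - - [08/Jun/2024:00:19:01 +0000] "POST /wp-content/plugins/example-plugin/res/img/style.php HTTP/1.0" 200 121 "-" "UA"',
    '203.0.113.5 - - [08/Jun/2024:00:19:30 +0000] "GET /wp-content/themes/example/style.css HTTP/1.1" 200 900 "-" "UA"',
    '203.0.113.5 - - [08/Jun/2024:00:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 900 "-" "UA"',
    '192.0.2.10 - - [08/Jun/2024:03:00:00 +0000] "POST /?qQq=zZz HTTP/1.1" 200 56 "-" "UA"',
]
# Assumed modification time of the changed files, taken from the filesystem.
CHANGED_AT = datetime(2024, 6, 8, 0, 19, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for when, ip, target, reason in triage(SAMPLE, CHANGED_AT):
        print(when.isoformat(), ip, target, "->", reason)
```

Flagged entries are leads to check against file modification times, not proof of the upload path; the earliest request to a flagged PHP file in older logs is usually the more useful place to keep looking.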
