Terence Wilks

Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • April 14, 2018 at 7:13 pm in reply to: wp-tmp and wp-feed #2075

    Terence Wilks
    Member

    My issue turned out to be a whole stack of false PNG files in the Upload area that contained @eval statements.  When I cleaned out wp-tmp.php and functions.php from my template the @eval statements were allowing script injection.   If you can’t get your website clean using this plugin then delete all of the file types from the filter so that it can see into PNG, JPG, etc files.  I haven’t found the initial entry point yet but I’m assuming it was a plugin.

    April 12, 2018 at 6:04 pm in reply to: wp-tmp and wp-feed #2069

    Terence Wilks
    Member

    GOTMLS identified wp-tmp as a problem containing an ad injection script and offered a fix.  However, it did not identify one of the underlying issues that kept rewriting wp-tmp.php which was in the template functions.php; I’ve included the code at the end of this entry.

    I removed that from functions.php but it seems as though there is other code somewhere that I have yet to locate that is rewriting that functions.php code.

    If anyone has run across this before I’d love to hear from you.

    • This topic was modified 6 years, 11 months ago by  Anti-Malware Admin. Reason: Malicious code removed
  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)