07-10-2015, 03:12 PM
RachelBlackG
Elysium
Join Date: Feb 2011
Location: Prague
Posts: 1,037
You need to look for injected code in your own PHP files. It's most likely an automated attack which inserts code into index.php files anywhere in the hierarchy or creates its own (like hello.php, help.php, code.php etc.). Look for your folders with 777. The code is also most likely inserted at the very beginning of the file. There can be a new PHP file that 777s some folder which is in use by some importing script that uses cron or downloads data from somewhere. You should also implement Cloudflare and check your logs for failed SSH login attempts. Suspicious IPs need to be blocked on a regular basis. I bet they will mostly come from China. If you do not use this traffic I recommend blocking it completely. You can also turn off your mail server. But it will most likely result in another, different type of attack.

Plugins to consider:
Block Bad Queries (BBQ)
Brute Force Login Protection
Sucuri Security
Wordfence Security

Also: Change all "admin" users in WP to a different one. Change all passwords (WP/FTP/cPanel/SSH).

Good luck!
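An added example, not part of the original post: a small audit of a web root for the three things the post says to look for (777 folders, dropped files named like hello.php, and code inserted at the very beginning of a PHP file). The obfuscation pattern, the 2048-byte window, and the function names `audit` and `demo` are assumptions made for this sketch; the sample tree is constructed.

```python
import os
import re
import stat
import tempfile

# File names the post lists as examples of dropped files; extend for your site.
DROPPED_NAMES = {"hello.php", "help.php", "code.php"}
# Assumed heuristic: obfuscation helpers often seen in injected PHP headers.
HEAD_PATTERN = re.compile(rb"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(")
HEAD_BYTES = 2048  # assumed window; the post says the code sits at the very start

def audit(root):
    """Return (world_writable_dirs, suspicious_php) found under root."""
    writable, suspicious = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A directory counts as "777" when all nine rwx bits are set.
        if stat.S_IMODE(os.lstat(dirpath).st_mode) & 0o777 == 0o777:
            writable.append(dirpath)
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() in DROPPED_NAMES:
                reasons.append("name matches a listed dropped-file name")
            with open(path, "rb") as fh:
                head = fh.read(HEAD_BYTES)
            if HEAD_PATTERN.search(head):
                reasons.append("obfuscation call near start of file")
            if reasons:
                suspicious.append((path, reasons))
    return sorted(writable), sorted(suspicious)

def demo():
    """Build a constructed sample web root and audit it."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)
    samples = {  # constructed files; the base64 string decodes to "echo 1;"
        "index.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?><?php require 'wp-blog-header.php';",
        "about.php": b"<?php echo 'About us'; ?>",
        os.path.join("uploads", "hello.php"): b"<?php echo 'hi'; ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root, audit(root)

if __name__ == "__main__":
    print(demo()[1])
```

Hits are leads for manual review, not verdicts: legitimate plugins also call `base64_decode`, and a clean file can share a flagged name.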