GoFuckYourself.com - Adult Webmaster Forum


Brian mike 07-21-2018 07:18 AM

init.php ??? A Backdoor Files ????
 
Filename: wp-content/themes/init.php

File Type: Not a core, theme, or plugin file from wordpress.org.

Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: de($x)));');$b374k("H4sIAAAAAAACA+z9eZ+jyLEwCv/vT1GuZ+6p7kNPg0ALTLvHB0ksEhJCgCTA9u0fO4hVbAJsf/cLaCmpqnoZj895n/c+d/xzF8olMjIyIjIiMzLzT3+OnfjhJ2qxGuML4S9PQWTkvvkli774 kWo8/e3h84OaJGr17tEsYz9KzOTxw8NjZiaB....

The infection type is: A backdoor known as 18aaaa.

Should I push Delete on this file? Got a notice from Wordfence, but sometimes those don't mean much :1orglaugh

Serious question here .

Thanks

bns666 07-21-2018 08:00 AM

i would reinstall the whole site, who knows which wp files did that init.php modify.

8pt-buck 07-21-2018 08:19 AM

Read this thread on 18aaaa ( Post #5 & 6 )

https://www.cloudlinux.com/forum/imu...rantined-files

Brian mike 07-21-2018 08:21 AM

Quote:

Originally Posted by bns666 (Post 22308969)
i would reinstall the whole site, who knows which wp files did that init.php modify.

That's exactly what Sly told me yesterday :upsidedow
SUCKS was getting good SE traffic with that site running WP-Script :mad:,
Starting fresh not so tempting :1orglaugh

Quote:

Originally Posted by 8pt-buck (Post 22308971)
Read this thread on 18aaaa ( Post #5 & 6 )

https://www.cloudlinux.com/forum/imu...rantined-files

Don't know if it's because I'm still half asleep, but I can't find #6 lol, unless I need to create an account to see restricted posts?
I only saw 5 post replies.

Thanks for your replies. :thumbsup

just a punk 07-21-2018 08:36 AM

Quote:

Originally Posted by bns666 (Post 22308969)
i would reinstall the whole site, who knows which wp files did that init.php modify.

That won't help. There is a breach somewhere. It can be a backdoor (99% of so-called nulled plugins and themes for WordPress have it). Or it can be a problem with server itself. E.g. Ubuntu OS - the system that can be hacked in a minute by even a monkey.

Bladewire 07-21-2018 08:55 AM

↑↑↑ Truth

So many WordPress themes & plugins are not secure.

Brian mike 07-21-2018 08:57 AM

They have injected Mining Code to the site.

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
</div>

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. :mad::1orglaugh Weird Weird Weird

SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

IS over a week i got a bad feeling about it. WEIRDDDDDDDD
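The markup quoted in the post above puts links inside boxes positioned thousands of pixels off-screen. As an added example (not part of the thread), this Python sketch scans rendered page or template HTML for that pattern; the hostnames and sample markup are constructed, and `own_host` is an assumed parameter naming the site's own domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFSCREEN = re.compile(r"(?:left|top)\s*:\s*-\d{3,}px")

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.stack = []   # (tag, inside_offscreen_box) per open element
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").lower()
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or ("absolute" in style and bool(OFFSCREEN.search(style)))
        if tag == "a" and hidden:
            host = urlparse(attrs.get("href") or "").hostname
            if host and host != self.own_host:
                self.hits.append(host)
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray closers.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, own_host):
    finder = HiddenLinkFinder(own_host)
    finder.feed(html)
    finder.close()
    return sorted(set(finder.hits))

SAMPLE = """<p>Post text <a href="https://blog.example/about">about</a></p>
<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://spam-one.example/index.php?q=a">x</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://spam-two.example/index.php?q=b">y</a> filler text
<a href="https://blog.example/contact">own link</a>
"""  # constructed sample; hostnames are placeholders

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE, "blog.example"))
```

Run it over the HTML the site actually serves as well as theme files and stored post content, since the injection can live in either the files or the database.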

Sly 07-21-2018 09:02 AM

Quote:

Originally Posted by Brian mike (Post 22308982)
They have injected Mining Code to the site.
But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. :mad::1orglaugh Weird Weird Weird

SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

IS over a week i got a bad feeling about it.

I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.

There is a very common practice of "build and forget" in the affiliate marketing industry. Unfortunately with WordPress this is a disaster waiting to happen because there are so many vulnerabilities. The best way to prevent mass disaster is creating a proper environment as mentioned above and updating religiously. Even this does not guarantee victory.

As the old saying goes "it is what it is." Take the best precautions you can, do the best maintenance you can and accept that things may/can go wrong.

By the way, you can rebuild your site without losing the search engine traffic that you spoke of. We have done it for literally hundreds of sites. Rebuilding the site does not mean total failure. It simply means some good ol' elbow grease. ;-)

magneto664 07-21-2018 09:12 AM

are u using a free theme or a nulled plugin?

Brian mike 07-21-2018 09:14 AM

Quote:

Originally Posted by Sly (Post 22308984)
I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.

You're right i guess, so no more wordpress for me will switch to KVS my 2 wp-script Left.
So no dev to blame about it :winkwink:

Brian mike 07-21-2018 09:15 AM

Quote:

Originally Posted by magneto664 (Post 22308992)
are u using a free theme or a nulled plugin?

WP-script WEAK free theme 2 week in the last month ( Not change by me BTW ) is like a magic shit going on with French Sebastien LMAO :1orglaugh
Nulled plug in are removed when wordfence gives a warning about it or a plug in let down.
I only use plug in from repository if i have to.

magneto664 07-21-2018 09:25 AM

Quote:

Originally Posted by Brian mike (Post 22308997)
Nulled plug in are removed when wordfence gives a warning about it or a plug in let down.
I only use plug in from repository if i have to.

it could well be installed a year ago as well as a month ago. it remains to scan all files and the database. It is worth to rip the original files from the server (wordpress main files) and files from the original wordpress and compare if they are not changed! remember about the wp-config file :)
shit work for a few hours
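The comparison described in the post above, as an added example that is not part of the thread: hash every file in a clean reference copy (a fresh WordPress download plus clean copies of the themes and plugins in use) and in the live install, then list what differs. The function names and the tiny demo trees are constructed for illustration; `wp-config.php` is reported separately because it exists only on the live site and has to be read by hand.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def hash_tree(root):
    """Map every file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return digests

def compare_install(clean_root, live_root, site_specific=("wp-config.php",)):
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {"modified": [], "unexpected": [], "review_by_hand": []}
    for rel, digest in sorted(live.items()):
        if rel in site_specific:
            report["review_by_hand"].append(rel)  # never in a release, so no hash to compare
        elif rel not in clean:
            report["unexpected"].append(rel)      # e.g. a stray PHP file under themes/
        elif clean[rel] != digest:
            report["modified"].append(rel)        # shipped file whose content changed
    return report

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            _write(root, "wp-includes/version.php", "<?php // constructed")
            _write(root, "wp-login.php", "<?php // constructed login")
        _write(live, "wp-login.php", "<?php // constructed login\n// changed")
        _write(live, "wp-content/themes/init.php", "<?php // constructed stand-in")
        _write(live, "wp-config.php", "<?php // constructed config")
        return compare_install(clean, live)

if __name__ == "__main__":
    print(demo())
```

Files under `wp-content/uploads` will all show up as unexpected; the ones to look at first there are anything executable, such as `.php`.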

Bladewire 07-21-2018 09:30 AM

Quote:

Originally Posted by Brian mike (Post 22308982)
They have injected Mining Code to the site.

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
</div>

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. :mad::1orglaugh Weird Weird Weird

SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

IS over a week i got a bad feeling about it. WEIRDDDDDDDD

I wonder if all sites using that script were injected while it was down.

Is there encrypted code on that script? If so, it's likely that's your backdoor.

This is why I never have any scripts that have encrypted code because you never know what the owner's going to do with it and if there's a back door which there usually is because it needs to connect with the server and verify info to work.

Sly 07-21-2018 09:34 AM

Quote:

Originally Posted by magneto664 (Post 22309004)
it could well be installed a year ago as well as a month ago. it remains to scan all files and the database. It is worth to rip the original files from the server (wordpress main files) and files from the original wordpress and compare if they are not changed! remember about the wp-config file :)
shit work for a few hours

This is very true.

These exploits can remain dormant for months, even years. Then a particular event triggers them in action and boom.

Brian mike 07-21-2018 09:38 AM

I know if i would be a client of VACARES/ SLY they would have taken over and fixed all this already for me :thumbsup

But unfortunately for me im with King-Servers.com and will see what i can get from them done today or tomorrow :1orglaugh
They're very good to me usually, so will see whats up this weekend hopefully.

Shitty weekend ahead :thumbsup


All times are GMT -7.