Hi,
Make sure your Wordpress and plugins are up to date. Not only the site that got injected but all sites on the server.
I would also suggest listing all newly edited files on your host, to find all affected files.
Here's a script that will do this for you
Quote:
<?php
function aasort (&$array, $key) {
$sorter=array();
$ret=array();
reset($array);
foreach ($array as $ii => $va) {
$sorter[$ii]=$va[$key];
}
asort($sorter);
foreach ($sorter as $ii => $va) {
$ret[$ii]=$array[$ii];
}
$array=$ret;
}
function rglob($pattern, $flags = 0) {
$files = glob($pattern, $flags);
foreach (glob(dirname($pattern).'/*', GLOB_ONLYDIR|GLOB_NOSORT) as $dir) {
$files = array_merge($files, rglob($dir.'/'.basename($pattern), $flags));
}
return $files;
}
$dev = array();
$result = rglob('../*.php');
foreach($result as $file) {
$dev[] = array("file" => $file, "date" => date("Y-m-d H:i:s", filemtime($file)));
}
aasort($dev,"date");
foreach($dev as $test) {
// add a date here, let's say, 2022-04-20 to list the files modified after the 20th of April
if($test['date'] > "2022-04-20") {
echo "<div id=\"line\"><div id=\"file\">" . $test['file'] . "</div><div id=\"date\">" . $test['date'] . "</div></div><br />";
}
}
?>
|
Sorry, it's a bit messy, but it will do the job.
Cheers,
z