Old 07-21-2018, 07:18 AM   #1
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
init.php ??? A Backdoor Files ????

Filename: wp-content/themes/init.php

File Type: Not a core, theme, or plugin file from wordpress.org.

Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: de($x)));');$b374k("H4sIAAAAAAACA+z9eZ+jyLEwCv/vT1GuZ+6p7kNPg0ALTLvHB0ksEhJCgCTA9u0fO4hVbAJsf/cLaCmpqnoZj895n/c+d/xzF8olMjIyIjIiMzLzT3+OnfjhJ2qxGuML4S9PQWTkvvkli774 kWo8/e3h84OaJGr17tEsYz9KzOTxw8NjZiaB....

The infection type is: A backdoor known as 18aaaa.

Should I push Delete on this file? Got a notice from Wordfence, but sometimes those don't mean much.

Serious question here .

Thanks
Old 07-21-2018, 08:00 AM   #2
bns666
Confirmed Fetishist
 
Join Date: Mar 2005
Location: Fetishland
Posts: 11,521
I would reinstall the whole site; who knows which WP files that init.php modified.
Old 07-21-2018, 08:19 AM   #3
8pt-buck
So Fucking Banned
 
Join Date: Aug 2013
Location: Princeton, New Jersey
Posts: 4,011
Read this thread on 18aaaa ( Post #5 & 6 )

https://www.cloudlinux.com/forum/imu...rantined-files
Old 07-21-2018, 08:21 AM   #4
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
Quote:
Originally Posted by bns666 View Post
i would reinstall the whole site, who knows which wp files did that init.php modify.
That's exactly what Sly told me yesterday.
SUCKS, was getting good SE traffic with that site running WP-Script.
Starting fresh not so tempting.

Quote:
Originally Posted by 8pt-buck View Post
Read this thread on 18aaaa ( Post #5 & 6 )

https://www.cloudlinux.com/forum/imu...rantined-files
Don't know if it's because I'm still half asleep, but I can't find #6 lol, unless I need to create an account to see restricted posts?
I only saw 5 post replies.

Thanks for your replies.
Old 07-21-2018, 08:36 AM   #5
just a punk
So fuckin' bored
 
Join Date: Jun 2003
Posts: 32,381
Quote:
Originally Posted by bns666 View Post
i would reinstall the whole site, who knows which wp files did that init.php modify.
That won't help. There is a breach somewhere. It can be a backdoor (99% of so-called nulled plugins and themes for WordPress have it). Or it can be a problem with server itself. E.g. Ubuntu OS - the system that can be hacked in a minute by even a monkey.
Old 07-21-2018, 08:55 AM   #6
Bladewire
StraightBro
 
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
↑↑↑ Truth

So many WordPress themes & plugins are not secure.
Old 07-21-2018, 08:57 AM   #7
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
They have injected Mining Code to the site.

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
</div>

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

SO I wonder IF that WP-Script Server issue could have made my site become WEAK by using his WEAK FREE Theme while the license server was down...

It's over a week I've got a bad feeling about it. WEIRDDDDDDDD
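An added example, not code from the thread: the markup in the post above consists of links inside `<div>` elements that an inline style positions thousands of pixels off-screen, and this Python check flags such links in saved page output or template files. The sample HTML and its hostnames are constructed, and the three-digit pixel threshold is an assumption of this example.

```python
import re
from html.parser import HTMLParser

# Inline style that positions an element far outside the viewport.
OFFSCREEN = re.compile(r"(?:left|top)\s*:\s*-\d{3,}px", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no closer

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags that sit inside an off-screen element."""

    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, is_offscreen) for every open element
        self.hidden = []  # hrefs a visitor never sees but a crawler follows

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").lower()
        off = "absolute" in style and bool(OFFSCREEN.search(style))
        if tag == "a" and attrs.get("href"):
            if off or any(o for _, o in self.stack):
                self.hidden.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, off))

    def handle_endtag(self, tag):
        names = [t for t, _ in self.stack]
        if tag in names:  # ignore stray closers
            last = len(names) - 1 - names[::-1].index(tag)
            del self.stack[last:]  # also drops unclosed children

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed sample: placeholder hostnames; the second block is left
# unclosed, as the second copy in the post is.
SAMPLE = """
<p>Visible <a href="/about">about</a></p>
<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://spam-one.example/index.php?q=a">one</a>
</div>
<p><a href="/contact">contact</a></p>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://spam-two.example/index.php?q=b">two</a>
<a href="http://spam-two.example/index.php?q=c">here</a>
"""
```

Off-screen positioning is also used legitimately for screen-reader-only text, so each hit needs a look, with attention to hrefs pointing at hosts the site owner does not recognise.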
Old 07-21-2018, 09:02 AM   #8
Sly
Let's do some business!
 
Join Date: Sep 2004
Location: Austin, TX
Posts: 31,289
Quote:
Originally Posted by Brian mike View Post
They have injected Mining Code to the site.
But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

IS over a week i got a bad feeling about it.
I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.

There is a very common practice of "build and forget" in the affiliate marketing industry. Unfortunately with WordPress this is a disaster waiting to happen because there are so many vulnerabilities. The best way to prevent mass disaster is creating a proper environment as mentioned above and updating religiously. Even this does not guarantee victory.

As the old saying goes "it is what it is." Take the best precautions you can, do the best maintenance you can and accept that things may/can go wrong.

By the way, you can rebuild your site without losing the search engine traffic that you spoke of. We have done it for literally hundreds of sites. Rebuilding the site does not mean total failure. It simply means some good ol' elbow grease. ;-)
Old 07-21-2018, 09:12 AM   #9
magneto664
God Bless You
 
Join Date: Aug 2014
Location: Glasgow, $cotland
Posts: 1,467
Are you using a free theme or a nulled plugin?
Old 07-21-2018, 09:14 AM   #10
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
Quote:
Originally Posted by Sly View Post
I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.
You're right, I guess, so no more WordPress for me; will switch my 2 WP-Script left to KVS.
So no dev to blame for it.
Old 07-21-2018, 09:15 AM   #11
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
Quote:
Originally Posted by magneto664 View Post
are u use a free theme or a nulled plugin?
WP-Script WEAK free theme, 2 weeks in the last month (not changed by me BTW), it's like some magic shit going on with French Sebastien LMAO
Nulled plugins are removed when Wordfence gives a warning about them or a plugin lets down.
I only use plugins from the repository if I have to.
Old 07-21-2018, 09:25 AM   #12
magneto664
God Bless You
 
Join Date: Aug 2014
Location: Glasgow, $cotland
Posts: 1,467
Quote:
Originally Posted by Brian mike View Post
Nulled plug in are removed when wordfence gives a warning about it or a plug in let down.
I only use plug in from respiratory if i have too.
It could well have been installed a year ago as well as a month ago. It remains to scan all files and the database. It is worth ripping the original files from the server (WordPress main files) and the files from the original WordPress and comparing whether they have been changed! Remember about the wp-config file.
Shit work for a few hours.
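An added example, not code from the thread, of the comparison described in the post above: hash every file in the live install and in a freshly downloaded copy of the same WordPress version (with the same theme and plugin versions), then list what was modified and what has no counterpart. The two directory trees are constructed in a temporary folder, and the function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def index(root):
    """Map relative path -> SHA-256 for every file below root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in root.rglob("*") if p.is_file()}

def compare_install(site_dir, clean_dir):
    """Return (modified, extra, missing) relative paths, each sorted."""
    site, clean = index(site_dir), index(clean_dir)
    modified = sorted(p for p in site if p in clean and site[p] != clean[p])
    extra = sorted(p for p in site if p not in clean)
    missing = sorted(p for p in clean if p not in site)
    return modified, extra, missing

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"wp-load.php": "<?php // constructed core file\n",
                 "wp-includes/version.php": "<?php // constructed\n",
                 "wp-content/themes/index.php": "<?php // constructed\n"}
        for root in (clean, site):
            for rel, body in files.items():
                f = root / rel
                f.parent.mkdir(parents=True, exist_ok=True)
                f.write_text(body)
        # Constructed tampering: one altered core file, one dropped file,
        # plus wp-config.php, which a clean download never contains.
        (site / "wp-load.php").write_text("<?php // constructed, altered\n")
        (site / "wp-content/themes/init.php").write_text("<?php // dropped\n")
        (site / "wp-config.php").write_text("<?php // local settings\n")
        return compare_install(site, clean)

if __name__ == "__main__":
    for label, paths in zip(("modified", "extra", "missing"), demo()):
        print(label, paths)
```

`wp-config.php` always lands in the extra list because a clean download does not ship one, so it has to be read by hand. Where WP-CLI is installed, `wp core verify-checksums` runs the core-file part of this check against the checksums published by wordpress.org.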
Old 07-21-2018, 09:30 AM   #13
Bladewire
StraightBro
 
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by Brian mike View Post
They have injected Mining Code to the site.

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
</div>

<div style="position:absolute;left:-4865px;top:-3595px;">
<a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
</div>
<div style="position:absolute; left:-5477px;top:-1560px;">
<a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
<a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
<a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
<a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

IS over a week i got a bad feeling about it. WEIRDDDDDDDD
I wonder if all sites using that script were injected while it was down.

Is there encrypted code on that script? If so, it's likely that's your backdoor.

This is why I never have any scripts that have encrypted code, because you never know what the owner's going to do with it and if there's a back door, which there usually is because it needs to connect with the server and verify info to work.
Old 07-21-2018, 09:34 AM   #14
Sly
Let's do some business!
 
Join Date: Sep 2004
Location: Austin, TX
Posts: 31,289
Quote:
Originally Posted by magneto664 View Post
it could well be installed a year ago as well as a month ago. it remains to scan all files and the database. It is worth to rip the original files from the server (wordprees main files) and files from the original wordpress and compare if they are not changed! remember about the wp-config file
shit work for a few hours
This is very true.

These exploits can remain dormant for months, even years. Then a particular event triggers them into action and boom.
Old 07-21-2018, 09:38 AM   #15
Brian mike
#Alberta51
 
Join Date: Oct 2014
Location: USA Territory (Alberta)
Posts: 7,882
I know if I were a client of VACARES/SLY they would have taken over and fixed all this already for me.

But unfortunately for me I'm with King-Servers.com and will see what I can get done from them today or tomorrow.
They're very good to me usually, so will see what's up this weekend hopefully.

Shitty weekend ahead