Need Help with this Backdoor

Hexor

:):
Trusted Seller
Trusted Uploader
Jun 23, 2020
2,005
1,546
120
Pale Blue Dot
Today, all three websites face this critical error. Later, when I debugged, I found the PHP code below in my plugins folder.

[Attached image: backdood.png]

I only use WP Smush and WP Rocket nulled, downloaded from a Babiato Trusted Uploader. I don't know how it got into my websites.

Can anybody guide me to prevent future attacks? I am using Wordfence for security.
 

MrSam_1

Well-known member
Administrative
Trusted Seller
Dec 1, 2018
24,129
27,394
120
What did Wordfence say? Has it reported some modified files, and from which plugin? You said you have 2 that use nulled plugins and one that uses legit plugins. Do all 3 sites have the same plugins and theme?
 
  • Like
Reactions: Hexor

Hexor

> What did Wordfence say? Has it reported some modified files, and from which plugin? You said you have 2 that use nulled plugins and one that uses legit plugins. Do all 3 sites have the same plugins and theme?

No, two sites are on the Newspaper theme, using the basic plugins that come with Newspaper, and the A2 Optimized plugin from A2 Hosting, Rank Math, WP Smush and WP Rocket.

Wordfence said, "we have found a backdoor on your site", then I downloaded the file and deleted it from the websites.
I can't figure out how it got onto all my websites when I am not even using nulled plugins on one site.
 

Hexor

> What did Wordfence say? Has it reported some modified files, and from which plugin? You said you have 2 that use nulled plugins and one that uses legit plugins. Do all 3 sites have the same plugins and theme?

Here is the warning Wordfence showed:
[Attached image: backdoor.png]
 

MrSam_1

It is not mandatory that a nulled plugin is the cause. There are flaws given by poor coding on everything. Developers are not security experts, they just follow some security guidelines and coding practices and it's quite easy to miss something. If you want to know how it got there you should get your hands really dirty and occupy your time with checking the access log and error log for all sites and find the request that normally shouldn't be there. It's a humongous load of work but if you're patient and check thoroughly you might find the issue and the infiltration.
 
  • Wow
  • Like
Reactions: smalok and Hexor
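
The access-log review suggested in the post above, as an added example that is not part of the original thread: it groups successful direct requests to PHP files under wp-content by path and sorts them by first-seen time, so the earliest contact with a dropped file stands out. The combined log format, the "direct PHP request" heuristic, and every file name and IP in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format (an assumption; adjust to your host).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Heuristic (an assumption): PHP files under wp-content are normally loaded
# by WordPress itself, so direct requests to them deserve a look.
DIRECT_PHP = re.compile(r'^/wp-content/(plugins|uploads|themes)/.+\.php$', re.I)

def suspicious_requests(lines):
    """Group direct wp-content PHP requests by path, oldest first-seen first."""
    hits = defaultdict(lambda: {"first_seen": None, "ips": set(), "posts": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not DIRECT_PHP.match(path) or not m["status"].startswith("2"):
            continue  # keep only requests the server answered with 2xx
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = hits[path]
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        entry["ips"].add(m["ip"])
        entry["posts"] += int(m["method"] == "POST")
    return sorted(hits.items(), key=lambda kv: kv[1]["first_seen"])

# Constructed sample lines: documentation IPs and hypothetical file names.
SAMPLE = [
    '198.51.100.7 - - [02/Mar/2021:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 4211 "-" "-"',
    '203.0.113.9 - - [02/Mar/2021:10:04:40 +0000] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.9 - - [02/Mar/2021:10:05:02 +0000] "POST /wp-content/plugins/zz-cache.php?x=1 HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.44 - - [03/Mar/2021:08:15:30 +0000] "POST /wp-content/plugins/zz-cache.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.44 - - [03/Mar/2021:08:16:00 +0000] "GET /wp-content/plugins/old.php HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [03/Mar/2021:09:00:00 +0000] "GET /wp-content/themes/Newspaper/style.css HTTP/1.1" 200 900 "-" "-"',
    'truncated line without a request',
]

if __name__ == "__main__":
    for path, info in suspicious_requests(SAMPLE):
        print(info["first_seen"], path, sorted(info["ips"]), "POSTs:", info["posts"])
```

Some legitimate plugins do expose PHP endpoints that are requested directly, so each path in the output is a lead to compare against the files that should exist on disk, not a verdict.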

Hexor

> It is not mandatory that a nulled plugin is the cause. There are flaws given by poor coding on everything. Developers are not security experts, they just follow some security guidelines and coding practices and it's quite easy to miss something. If you want to know how it got there you should get your hands really dirty and occupy your time with checking the access log and error log for all sites and find the request that normally shouldn't be there. It's a humongous load of work but if you're patient and check thoroughly you might find the issue and the infiltration.

This is what I have been thinking when I saw my fresh site was infected too, thanks for your guidelines :)
 

Hexor

> It is a server issue. Some servers are not secure enough. Hackers can inject malicious files easily on sites hosted on such servers.

I am using A2hosting, they are reputed enough. I have sent them a message also, let's see what they reply.
 

funguy

Active member
Jul 31, 2020
257
126
43
India
ieltsessays.com
> I am using A2hosting, they are reputed enough. I have sent them a message also, let's see what they reply.

I have been dealing with such issues for a long time. So, there is some sort of vulnerability for sure. No server is perfect.
I would like to give a small example: if NASA, FBI, Twitter etc. can be hacked, there is nothing which is hack-proof :)
 
  • Wow
Reactions: Hexor

Hexor

> I have been dealing with such issues for a long time. So, there is some sort of vulnerability for sure. No server is perfect.
> I would like to give a small example: if NASA, FBI, Twitter etc. can be hacked, there is nothing which is hack-proof :)

Yeah, this is true.
 

MR A

Well-known member
Trusted Seller
Trusted Uploader
Banned User
Apr 19, 2019
755
299
63
Root
The same happened to me too: my fresh 1-month site got infected and 10000 backlinks were generated. I am not using both domains yet.
 
  • Sad
Reactions: Hexor

guguk

Well-known member
Jul 19, 2019
1,150
828
113
Ottoman Empire
It could be that it is not caused by nulled plugins.
Check your PC too. If it has any malware, it could steal your hosting credentials.
Delete any unused FTP account.
Check browser add-ons.
 
  • Like
Reactions: smalok
