Wordpress Site hacked

S

SamSC

New member
Jan 17, 2020
13
3
3
Hello,

I have several wordpress sites on one server.
Now today there was a critical error on all WordPress sites on this server.

I found the file "heyserv.php" in every directory.
Unfortunately, I have a fear that the file came via a plugin/theme from Babiato and wanted to ask if anyone else is currently having problems with such an incident.
 
guguk

guguk

Well-known member
Jul 19, 2019
1,150
828
113
Ottoman Empire
SamSC said:
Hello,

I have several wordpress sites on one server.
Now today there was a critical error on all WordPress sites on this server.

I found the file "heyserv.php" in every directory.
Unfortunately, I have a fear that the file came via a plugin/theme from Babiato and wanted to ask if anyone else is currently having problems with such an incident.
Click to expand...
Please eleborate your issue:
- How is your server state? Which company, features, etc
- Which is the "common point" between these hacked websites? Plugin/Theme etc
- When you realized you'been hacked? (after install X theme or X plugin)
- Did you scan via any "security plugin" after this happened?
- Is there any out-dated plugin/theme you installed in any website? Or deactivated ?
 
  • Like
Reactions: SamSC, Snowflakes786 and xinhnhatvn
S

SamSC

New member
Jan 17, 2020
13
3
3
guguk said:
Please eleborate your issue:
- How is your server state? Which company, features, etc
- Which is the "common point" between these hacked websites? Plugin/Theme etc
- When you realized you'been hacked? (after install X theme or X plugin)
- Did you scan via any "security plugin" after this happened?
- Is there any out-dated plugin/theme you installed in any website? Or deactivated ?
Click to expand...
Hey thanks for your answer!

I'm getting to the bottom of it and think that it could be accessed from outside via a file upload.

After I restored a backup, I could see in the logs that an attempt was made to access a .gif. Apparently this .gif came into the system via a form upload.
Measures were to set up Wordfence and to block all IPs in this direction.
 
A

anaxtech

Member
May 21, 2022
31
6
8
First thing you need to get rid heyserv.php by removing manually ....then rescan and ask server to scan since they can scan the root ..and if they find any files infected which i am sure even if you delete the file it will recreate the same after some time...if at all server support respond ..then you can take help of securi service they are expert ...i can be help to remove complete malware and make site live.....ask server to roll back to previous day backup say 8 days 10 days ...if none of the site updated ..... drop me msg
 
  • Like
Reactions: SamSC
guguk

guguk

Well-known member
Jul 19, 2019
1,150
828
113
Ottoman Empire
SamSC said:
Hey thanks for your answer!

I'm getting to the bottom of it and think that it could be accessed from outside via a file upload.

After I restored a backup, I could see in the logs that an attempt was made to access a .gif. Apparently this .gif came into the system via a form upload.
Measures were to set up Wordfence and to block all IPs in this direction.
Click to expand...
Could you please give us more detail about form? is it contact form 7 or any premium form plugin nulled by here?
Please note that "form" or "inputs" very sensitive areas and needs to be protected. And I dont use even "search input" if I dont need it. If I should use a form then I prefer good one (gravity form for example) instead of free one (contact form 7) I remember that first time I was used wordpress a thousands websites hacked due to contact form 7. So I can see that people blame (no offense yourself) babiato's platform when happened this situation but "security" starting from protecting yourself not by a plugin or another thing.
 
  • Like
Reactions: SamSC
X

xinhnhatvn

Active member
Jun 9, 2019
107
43
28
I think even if you don't use the Plugin and Theme shared by Babiato, you can still get hacked. Thank you for sharing.
 
Last edited:
mi2brich

mi2brich

New member
May 4, 2022
6
1
3
I 2nd that. Always keep your WP +plugins + themes updated. Use Wordfence plugin + Cloudflare. Check your VPS logs.
 
You must log in or register to reply here.

Similar threads

aplusk777
[ASK] How to share blogger post into wordpress site?
Replies
2
Views
309
General Discussion
aplusk777
aplusk777
J
Plugin To Display Apple's Top 100 Songs/Albums on WordPress Site
Replies
5
Views
480
General Discussion
Escanor64
Escanor64
G
Hello Someone tells me the best WordPress theme for a Blogging Site?
Replies
5
Views
658
General Discussion
garciaevans
G
M
introduce a site that offers free and practical tutorials on WordPress plugin writing and WordPress security
Replies
0
Views
434
General Discussion
mohammadraz
M
underwater
Is it possible to make this kind of quiz site in Wordpress?
Replies
0
Views
531
General Discussion
underwater
underwater

Latest posts

Forum statistics

Threads
69,206
Messages
908,333
Members
236,835
Latest member
subedipradip

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom