Recently I began getting strange errors on one of my PHP sites claiming that a file could not be found for a ‘require’. When looking deeper into the issue, I noticed the file had actually been renamed to filename.php.suspected. What??
As it turns out, this is happening to a lot of people. This is not limited to WordPress, but it appears WordPress sites have been targeted more than others. Using the following grep command I found over 25 malware files on the server:
egrep -Rl '\$GLOBALS.*\\x|function.*for.*strlen.*isset|isset.*eval' /path/to/webserver
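The same three patterns can be run one at a time so that each hit is labelled with the pattern that matched, with the `.suspected` renames listed alongside. This is an added example, not code from the original post; the function names, the tags and the sample tree are constructed for illustration.

```bash
# Added example (not from the original post). Function names and tags are hypothetical.

# Print "TAG<TAB>path" for every file under ROOT that has a line matching REGEX.
scan_one() {  # usage: scan_one TAG REGEX ROOT
    grep -ERl -e "$2" -- "$3" 2>/dev/null |
        while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done
}

scan_webroot() {  # usage: scan_webroot ROOT
    # Files carrying the ".suspected" suffix described in the post.
    find "$1" -type f -name '*.suspected' 2>/dev/null |
        while IFS= read -r f; do printf 'renamed\t%s\n' "$f"; done
    # The three alternatives of the post's egrep expression, one at a time.
    scan_one globals-hex '\$GLOBALS.*\\x' "$1"
    scan_one decode-loop 'function.*for.*strlen.*isset' "$1"
    scan_one isset-eval  'isset.*eval' "$1"
}

# Constructed sample tree: harmless strings that only have the shapes
# the patterns look for, so the scan can be tried offline.
make_sample() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' '<?php echo "hello"; ?>' > "$_d/index.php"
    printf '%s\n' '<?php $GLOBALS["k"] = "\x61\x62"; ?>' > "$_d/cache.php"
    printf '%s\n' '<?php if (isset($a)) { eval("return 1;"); } ?>' > "$_d/lib.php.suspected"
    printf '%s\n' "$_d"
}

# Scan the directory given on the command line, if any.
if [ "$#" -ge 1 ]; then scan_webroot "$1"; fi
```

Hits are leads for manual review, since legitimate code can also match a pattern as broad as `isset.*eval`.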
After shutting down the mail server and setting up a honeypot to trick the hackers, I halted their activities for the time being.
Have you experienced this hack? If you need help resolving this issue on your site, contact me today.