|
Angela Haddon
|
July 9, 2014 at 6:31 pm
Hi, I’m hoping you can help me. I’m running WordFence in WordPress and it’s telling me that a malicious file is being installed (repeatedly – even after I delete it, the file is re-installed). This is the message I’m getting:
Filename: wp-content/plugins/event-espresso/includes/admin-files/search.phtml
File type: Not a core, theme or plugin file.
Issue first detected: 9 secs ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “cat /etc/passwd”.
I’m currently running EE Version 3.1.36.1.P and WordPress Version 3.9.1
Any information or advice would be much appreciated.
Thanks!
|
|
Lorenzo Orlando Caum
|
July 9, 2014 at 6:53 pm
Hi,
I found some information on that file here:
http://wordpress.org/support/topic/plugin-allowed-access-to-hackers
Could you scan your site through these services:
http://sucuri.net
http://www.unmaskparasites.com
If anything is found, please work through these recommendations from the codex:
http://codex.wordpress.org/FAQ_My_site_was_hacked
—
Lorenzo
|
