Quantcast
Channel: WordPress.org Forums » [Wordfence Security - Firewall, Malware Scan, and Login Security] Support
Viewing all articles
Browse latest Browse all 33249

Anonymousfox hack

$
0
0

Replies: 0

Hi,
My website was hacked some weeks ago. After some cleaning and security measures it has been pretty calm; no more admin users created nor email accounts in Cpanel. But I wonder how can I be sure?

In the Live Traffic tab in Wordfence I noticed that some coinciding attempts to login were coming from the Netherlands. And I noticed that one of the blocked attempts was this one:
https://delasciencealassiette.fr/ubpxwlwy.php?Fox=d3wL7

Can anyone explain why a .php file different from the usuals “.aws/credentials” or “info.php” or “config.js” attempts?

Can you help me to know what I can do to be assured that there are no infected files that the scan might be missing?

EDIT: I also found all these visitor entries in clicky analytics:

10:28 Brazil flag 187.72.192.0 /ubpxwlwy.php
10:28 The United States flag 72.240.108.0 /ubpxwlwy.php?Fox=d3wL7
10:28 Poland flag 91.150.166.0 /ubpxwlwy.php?Fox=d3wL7
10:28 The United States flag 208.53.243.0 /ubpxwlwy.php?Fox=d3wL7
10:28 The United States flag 205.213.108.0 /ubpxwlwy.php

Grateful
Rod

  • This topic was modified 8 minutes ago by rod.

Viewing all articles
Browse latest Browse all 33249

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>