7,612
edits
Changes
Jump to navigation
Jump to search
Wordpress Blog Site (Tool) (view source)
Revision as of 21:40, 18 October 2017
, 21:40, 18 October 2017→Pharma Hack
grep -r "wp_class_support"
returns no results!
===Identified Malware===
Checking the files:
Both wp-content/themes and wp-content/plugins have an Oct 18 date on them. But both have subdirs with older access dates and seem clean. And the directory 2017/10 has Oct 4th dates on it but is empty. This is consistent with a numerically named php file being executed from here and then deleted.
According to the malware report it should target two additional files. We don't have WordFence, so only one is relevant:
locate wfScanEngine.php
locate class-wp-upgrader.php
