Malicious Files - Please Help

Discussion in 'Blogging' started by webhostingproviders, Nov 23, 2016.

  1. webhostingproviders

    My hosting provider sent me a list of infected files either to replace or remove from my server. Now the filenames which are provided are core files such as

    /Domainname/wp-content/themes/heatmap-adaptive/functions.php
    /Domainname/wp-includes/post.php

    If I delete functions.php OR post.php, the website STOPS working.

    However, I replaced them with the backup on the server, but STILL the hosting provider is saying the malicious file persists. What should I do? Please help.

    Should I reinstall the whole theme after deleting it, OR is there any other method?
     
  2. Asif WILSON Khan

    • Thanks Thanks x 1
  3. webhostingproviders

    @Asif WILSON Khan yes, I have installed a nulled theme, but it has been there for the last 5 years (however, I recently installed a few nulled plugins). Suddenly the issue came up. Should I install Wordfence premium or just the normal one?

    But as the hosting provider said the malicious file is in the theme, what do you say: is the issue with the theme or the plugins?
     
  4. Asif WILSON Khan


    Delete all nulled themes and plugins. Then the basic Wordfence (free) should be fine.

    IF YOU DO NOT DELETE THE NULLED THEME AND PLUGINS YOU WILL NOT FIX THE ISSUE.
     
    • Thanks Thanks x 2
  5. Donbuffy

    I had a similar problem, wiped off my entire site and started afresh cos the malware had already infected my db. I tried using Wordfence and the scan takes forever to complete. Well, I would recommend Sucuri; I heard about them late so I couldn't use them.
     
  6. shezboy

    There is a reason why someone will use their skill to null a theme or a plugin, and your post is an example of what that reason is.

    I get it; honestly, I really do get it when it comes to needing to use a nulled theme, plugin, software, etc. but there is usually a price to pay somewhere along the lines.

    Some people use them out of the 'need' while some will use them due to the attitude of 'I want it, and I refuse to pay for it'. I have no sympathy for those who fall into the latter while I can sympathise with those who have no choice and who will make good on things in the future which is often by purchasing a licensed version of the theme/plugin from the vendor.

    Follow the advice that @Asif WILSON Khan gave you earlier and get rid of the infected files because you don't know what it is that they're doing to your site.

    When I deal with tickets at our help desk for some of our plugins, I will often need to log in to the customer's WP admin to take a look at their setup, and at least 50% of those WP installs are using a nulled theme from somewhere.

    Shez
     
    • Thanks Thanks x 2
  7. itz_styx

    There is no easy solution here, as without having a look everyone can just guess, but as previously suggested, try removing the plugins/themes. Keep the database and just do a fresh updated WP install without the nulled stuff.
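
An added example, not part of any post in this thread: one way to check a live install against a freshly downloaded copy of the same WordPress version before reinstalling, so that core files such as wp-includes/post.php are judged by hash rather than by whatever an on-server backup contains. The function names, the report keys and the sample trees are assumptions made for this illustration; theme files such as functions.php land in `no_reference` because a core download cannot vouch for them.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories that contain only files shipped with WordPress core.
CORE_DIRS = ("wp-admin/", "wp-includes/")

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_clean(site_root, clean_root):
    """Classify the live tree against a fresh copy of the same WordPress version."""
    site, clean = tree_hashes(site_root), tree_hashes(clean_root)
    extra = sorted(set(site) - set(clean))
    return {
        # Core files whose content no longer matches the release.
        "modified": sorted(r for r in clean if r in site and site[r] != clean[r]),
        "missing": sorted(r for r in clean if r not in site),
        # Extra files in core directories are not part of the release: inspect them.
        "unexpected_in_core": [r for r in extra if r.startswith(CORE_DIRS)],
        # Themes, plugins, uploads: verify against the vendor's own original copy.
        "no_reference": [r for r in extra if not r.startswith(CORE_DIRS)],
    }

def demo():
    """Build two small constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        core = {"wp-includes/post.php": "<?php // core\n", "wp-login.php": "<?php // login\n"}
        extra = {"wp-includes/cache-x.php": "<?php\n",
                 "wp-content/themes/heatmap-adaptive/functions.php": "<?php\n"}
        for root, files in ((clean, core), (site, {**core, **extra})):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Simulate a core file that was altered on the live site.
        (site / "wp-includes/post.php").write_text("<?php // core\n// extra line\n")
        return compare_to_clean(site, clean)

if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Run `compare_to_clean` with the site's document root and an unpacked download of the matching WordPress release; a restored file that still shows up under `modified` means the backup it came from differs from the release too.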