All Questions
54 questions
1 vote, 2 answers, 124 views
Backdoor:PHP/Webshell.O virus detected in an uploaded image file. Should I be worried? How can I prevent it?
I have a site which allows users to upload images. One uploaded file was recently detected by antivirus software (uploads aren't scanned, this was a system wide scan after)
Upon upload, I check the ...
0 votes, 1 answer, 88 views
How dangerous is this suspicious PHP code? [closed]
I found this code on my web server in /wp-content/uploads/2023/index.php:
$hello_dolly[]='b8f878fc41d0fd3c';
$hello_dolly[]=$_POST;
$hello_dolly[]='color';
if (isset($hello_dolly[1][$hello_dolly[0]])) ...
0 votes, 0 answers, 24 views
Found several potentially malicious PHP files but not sure what they are doing? [duplicate]
A friend found several suspicious PHP files on his server when we was upgrading his Wordpress install. They are all in the public_html folder and the filenames are the name of his domain with ...
0 votes, 0 answers, 49 views
Are these cPanel processes malicious? [duplicate]
I have previously asked a question There's an expect.php file in all the git repositories of my web server, is this malicious? and this question is a further continuation of it.
After investigating ...
18 votes, 2 answers, 3k views
Is this expect.php file (in all the git repositories of my web server) malicious? [closed]
Whenever I create a remote repository on my web server there seems to be a file called expect.php or options.php with the following code in it:
<?php
function visit_cookie() {
$h = $_COOKIE;
...
0 votes, 1 answer, 469 views
unknown (malicious?) code and file in public dir (Laravel 5.8, apache/cPanel) [duplicate]
I have a Laravel 5.8 app in a server running Apache/2.4.53 (cPanel) and PHP 7.4 (ea-php74) and I have VPS root WHM/cPanel access there. As any Laravel project, the "public" directory is web ...
2 votes, 1 answer, 1k views
How to replace certain backup files on a website every 30 minutes? [closed]
I have a website built with WordPress, unfortunately somebody hacked it several times, deleted my adsense code and put his own adsense.
I tried many security techniques, changed database name, did ...
2 votes, 1 answer, 4k views
Is this script malicious? What does it do? [closed]
I was working with a freelancer from upwork and noticed they added this script titled .default in my config directory. It looks malicious and they were hired to do CSS style changes of elementor:
<...
2 votes, 0 answers, 1k views
Identifying Source of Malware Attack on Laravel App
We have a Laravel 5.6.x application running as a REST backend with PHP 7 on one of our servers. The server uses CentOS with WHM/cPanel/PhpMyAdmin
Recently that server issued a maldet warning (our ...
0 votes, 2 answers, 1k views
Insecure File Upload on WebApps [closed]
I found a website where I can upload any file I want. Now what are the biggest threats for them if they didn't install PHP (so a php shell can be uploaded, but it won't execute)? I found no sign of ...
1 vote, 1 answer, 998 views
Possible to decode md5 hash of a malicious URL?
Context: I had a virus on my WordPress website server that injected itself into every functions.php file on the server across two different sites. After removing the heavily obfuscated virus code I ...
0 votes, 2 answers, 1k views
Should you really check user uploaded files for malware/shells?
It's clear that the system has to filter user input. I always thought that the standard is also to check user uploaded files for malware/shells.
I'm curious if above is really needed. There is a PHP (...
0 votes, 1 answer, 316 views
What does the attached php malware do? [duplicate]
Found this on a WordPress server under the filename wp-includes/class-wp-image-editor-fd.php when WordFence picked it up as being an unexpected file.
Link to source is here: https://pastebin.com/...
2 votes, 1 answer, 488 views
Found malware in my Wordpress, what is it and what it does? [closed]
Recently I found a strange file inside the WordPress sources directory of a page I have written and I am maintaining. It was a lucky case. I deploy my sources from git so when I typed git status on a server ...
0 votes, 1 answer, 454 views
What does this malware php file does and what should be done about it? [duplicate]
Can someone please help me understand this code, what it does and what kind of encoding is it? Can this be automatically removed through ssh (there are many, many more similar files found).
<?php
$...