fichiers hackés ? (Créer un compte)

  • WordPress :5.2
  • Statut : non résolu
3 sujets de 1 à 3 (sur un total de 3)
  • Auteur
    Messages
  • #2284567
    Arnaud G.
    Participant
    Padawan WordPress
    97 contributions

    Bonjour,

    Ma configuration WP actuelle :
    – Version de WordPress : 5.2.4
    – Version de PHP/MySQL : 7.3.6 / 5.6.43
    – Thème utilisé : StyleShop
    – Thème URI : http://www.elegantthemes.com/gallery/
    – Extensions en place : Accordions by PickPlugins (2.1.17), Advanced noCaptcha & invisible Captcha (5.5), Akismet Anti-Spam (4.1.3), Classic Editor (1.5), DAP Easy Installer (2.1), DigitalAccessPass LiveLinks (4.7.4), Elegant Themes Updater (1.2), Forum_wordpress_fr (4.2), IM8 Exclude Pages (2.7), Insert Headers and Footers (1.4.4), OptimizePress (2.5.20), Pixel Cat Personal (2.4.2), podPress (8.8.10.17), Query Monitor (3.4.0), Re-add text underline and justify (0.2), Really Simple SSL (3.2.6), Really Simple SSL pro (2.1.7), Redirect After Comment Per Page (0.9.5), S3MediaVault Pro (5.0), Subscribe to Comments Reloaded (191028), UpdraftPlus – Backup/Restore (1.16.20), Webcraftic Robin image optimizer (1.4.0), WickedCoolPlugins License Key (1.0), Wordfence Security (7.4.1), WP-Optimize – Clean, Compress, Cache (3.0.13), WP Health (Formerly My WP Health Check) (1.8.9)
    – Adresse du site : https://touchezlebouddha.com
    – Nom de l’hébergeur : Apache

    Problème(s) rencontré(s) :

    Suite à un scan via Wordfense j’ai une série de messages que je ne sais interpréter pour agir de la bonne façon… J’ai démandé à Wordfense de réparer les fichiers qu’il m’indiquait pouvoir réparé. Mais pour ceu ci-dessous, cela n’est pas possible. Que faire ?

    1-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-config.php</span>
    • File Type: WordPress Configuration File

    <li class= »wf-issue-detail-spacer »>

    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <strong class= »wf-split-word »>include « 57h157m145The issue type is: Backdoor:PHP/ObfuscatedInclude.6067
      Description: PHP include() statement with an obfuscated filepath.

     

    This is your main configuration file and cannot be deleted. It must be cleaned manually.

    2-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-content/plugins/advanced-nocaptcha-recaptcha/assets/vmbktjzp.php</span>
    • File Type: Not a core, theme, or plugin file from wordpress.org.

    <li class= »wf-issue-detail-spacer »>

    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <strong class= »wf-split-word »>$bezqzt = ‘fetm1urHn69sx-pv3b8c_y0al’5iko427d#*g’;$naata = Array();$naata[] = $bezqzt[7].$bezqzt[35];$naata[] = $bezqzt[34];$naata[] = $bezqzt[26].$bezqzt[10].$bezqzt[17].$bezqzt[18].$bezqzt[17].$bez…The issue type is: Suspicious:PHP/encodedtextlookup.7024
      Description: Suspicious encoded content. This encoding is often used to hide malware

     

    3-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-includes/sodium_compat/src/Core/qvpzfhfh.php</span>
    • File Type: Not a core, theme, or plugin file from wordpress.org.

    <li class= »wf-issue-detail-spacer »>

    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <strong class= »wf-split-word »>$ldrli = ‘or56g4tusbklc#adf2*px’7eyH3_inm01v-‘;$tolbmz = Array();$tolbmz[] = $ldrli[23].$ldrli[14].$ldrli[3].$ldrli[31].$ldrli[26].The issue type is: Suspicious:PHP/encodedtextlookup.7024
      Description: Suspicious encoded content. This encoding is often used to hide malware

     

    4-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-includes/css/dist/edit-post/bgzyriff.php</span>
    • File Type: Not a core, theme, or plugin file from wordpress.org.

    <li class= »wf-issue-detail-spacer »>

    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <strong class= »wf-split-word »>return $njkbij ^ $uthaeoo[$fkgcdjnnztbtzxgr % strlen($uthaeoo)] ^ $ylqzibue[$fkgcdjnnztbtzxgr % strlen($ylqzibue)]The issue type is: Suspicious:PHP/unlikelycrypto.6988
      Description: Suspicious PHP code often seen in malicious backdoors

     

    5-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-includes/sodium_compat/src/Core/qvpzfhfh.php</span>
    • File Type: Core

    <li class= »wf-issue-detail-spacer »>

    • Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker.

     

    6-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-includes/rest-api/endpoints/.1cc7d8e8.ico</span>
    • File Type: Core

    <li class= »wf-issue-detail-spacer »>

    • Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker.

     

    7-

     

      <li style= »list-style-type: none; »>
      <li style= »list-style-type: none; »>
    • Filename: <span class= »wf-split-word-xs »>wp-includes/css/dist/edit-post/bgzyriff.php</span>
    • File Type: Core

    <li class= »wf-issue-detail-spacer »>

    • Details: This file is in a WordPress core location but is not distributed with this version of WordPress. This scan often includes files left over from a previous WordPress version, but it may also find files added by another plugin, files added by your host, or malicious files added by an attacker

     

    PROBLEME #2

    La requête API REST a échoué à la suite d’une erreur.
    Erreur : [] cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received

    Après avoir coupé tous les plugins le problème demeure. J’ai rein trouvé sur les formums pour m’aier bien que cette erreur soit très fréquent visiblement.

    Merci

    Merci pour le coup de main…

    • Ce sujet a été modifié le il y a 5 années et 1 mois par Arnaud G..
    • Ce sujet a été modifié le il y a 5 années et 1 mois par Arnaud G..
    • Ce sujet a été modifié le il y a 5 années et 1 mois par Li-An.
    #2284570
    Li-An
    Participant
    Maître WordPress
    28887 contributions

    En effet, vous avez été hacké et un bon nettoyage est nécessaire (pas seulement retirer les fichiers créés mais trouver la source du problème) : un lien utile https://wpfr.net/support/sujet/solutions-de-depannage-pour-un-site-hacke-pirate/

    #2284874
    Arnaud G.
    Participant
    Padawan WordPress
    97 contributions

    Merci je m’y mets 😉

3 sujets de 1 à 3 (sur un total de 3)
  • Vous devez être connecté pour répondre à ce sujet.