
Found Malware


Hi,

A scan of your account shows that it appears to have been infected with malware.

The scan flagged the following suspicious files:
#####

The first two certainly appear malicious. Please note that malware scans such as this, and our own efforts, are by no means conclusive, and it is likely that further malicious files or scripts exist.

From our experience, a common cause of compromised sites is out-of-date or no-longer-maintained plugins. It’s recommended to check over the plugins on the site from time to time and ensure that they are still receiving regular updates. Often, for less recognised plugins, developers abandon the project, which means that exploits are no longer patched. However, the plugin still appears as up to date in the WordPress dashboard (there is simply no newer release to offer), which leads to a false sense of security.

Note that we are not experts in application security so I would recommend reading further into this or potentially speaking to an expert and having them conduct a penetration test. WordPress.org also has an article which provides a lot of good information. See https://wordpress.org/support/article/hardening-wordpress/ for details.

We would also advise updating your GURU portal (my.guru.co.uk) password and cPanel password.

From a server point of view, we do use ModSecurity which will attempt to filter out a number of malicious requests. We also employ CageFS which ensures that if any other sites on the server are compromised, attackers won’t be able to traverse into other website files.

In this situation it’s most likely best to conduct a restore of the site from a backup taken before the compromise, unless you’re willing to do a full file-by-file audit of the site and database to ensure there aren’t any more malicious lines of code.

We can conduct restores for you but we do recommend you go about it yourself.

You can restore your site via the R1Soft plugin for the cPanel account in question. Provided you know the cPanel credentials, you’ll be able to locate the restore point and restore both the database and the site files.

If you don’t know the credentials then you can reset them via WHM using the password modification tool, or within your Guru Portal.

You can find more information on this here: https://my.guru.co.uk/kb/cpanel-whm-control-panel/how-do-i-access-my-guru-backups

Please let me know if you have any questions and I’ll be happy to help. You may find the following links helpful:

https://my.guru.co.uk/kb/security/malware-notifications
https://codex.wordpress.org/FAQ_My_site_was_hacked
https://codex.wordpress.org/Hardening_WordPress

#signature
#cut