0

We are using a GoDaddy shared hosting package and running a few WordPress sites on this shared space.

Of late, the Wordfence scanner detected malicious files within wp-includes and wp-content. Also, some of the core WordPress files have been modified to include some gibberish PHP code.

These malicious files are as follows:

  • radio.php/theme.php
  • files with a random string as the file name, e.g. DGDdsgd.php
  • files with an .otc extension, e.g. .fgfgff22.otc

Further, there are some .*.otc files inside random locations, and these files contain more gibberish PHP scripts. These files are also included within other PHP files.

Although I removed the malicious files, they get regenerated again after some time.


Desper

1 Answer

1

Your sites are compromised.

Cleaning up a compromised system is really difficult for someone who knows what they are doing. WordPress + plugins is particularly vulnerable and difficult to clean up.

You clearly have a long journey ahead of you before you reach that level of expertise. Meanwhile your sites are being used to attack other places on the internet and your users.

Take your WordPress instances offline and use one of the many site flattening tools to generate HTML files and upload those to GoDaddy in place of the PHP code.

symcbean
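A read-only triage of the indicators listed in the question (`.otc` files, PHP files that include them, unknown or modified files in the core directories), added here as an example that is not part of the original question or answer. It assumes an offline copy of the site and a freshly unpacked WordPress release of the same version; the function names are hypothetical and the include pattern is a heuristic that obfuscated code can evade.

```python
import hashlib, os, re, tempfile
from pathlib import Path

# Heuristic: a PHP include/require statement that names a *.otc file.
INCLUDE_OTC = re.compile(rb"(?:include|require)(?:_once)?\b[^;]*\.otc\b", re.I)
CORE_DIRS = ("wp-admin/", "wp-includes/")  # these ship only core files

def hash_tree(root):
    """Map each relative path under root (with / separators) to its SHA-256."""
    out = {}
    for dirpath, _, names in os.walk(root):  # os.walk also visits dot-files
        for name in names:
            full = Path(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return out

def triage(site_root, clean_root):
    """Compare an offline copy of the site with a pristine WordPress tree."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    report = {"otc_files": [], "includes_otc": [], "unknown_in_core": [], "modified_core": []}
    for rel, digest in sorted(site.items()):
        if rel.lower().endswith(".otc"):
            report["otc_files"].append(rel)
        elif rel.lower().endswith(".php"):
            if INCLUDE_OTC.search(Path(site_root, rel).read_bytes()):
                report["includes_otc"].append(rel)
        if rel in clean and clean[rel] != digest:
            report["modified_core"].append(rel)   # core file whose content changed
        elif rel not in clean and rel.startswith(CORE_DIRS):
            report["unknown_in_core"].append(rel)  # file core never shipped
    return report

def demo_report():
    """Run triage over two small constructed trees (placeholder contents only)."""
    core = {"index.php": b"<?php // index\n", "wp-includes/theme.php": b"<?php // core\n"}
    site = {**core,
            "index.php": b"<?php @include_once 'wp-content/uploads/.fgfgff22.otc'; // index\n",
            "wp-includes/DGDdsgd.php": b"<?php // constructed placeholder\n",
            "wp-content/uploads/.fgfgff22.otc": b"constructed placeholder\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for sub, tree in (("clean", core), ("site", site)):
            for rel, data in tree.items():
                path = Path(tmp, sub, rel)
                os.makedirs(path.parent, exist_ok=True)
                path.write_bytes(data)
        return triage(os.path.join(tmp, "site"), os.path.join(tmp, "clean"))

if __name__ == "__main__":
    print(demo_report())
```

Plugin and theme files under wp-content are absent from a core release, so they are only reported here when they match the `.otc` checks; comparing them needs clean copies of those packages as well.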