Ok, I found a suspicious file on another website and it’s a shell backdoor. /wp-content/backup-2365b/.title14.php /wp-content/uploads/wysija/themes/rss.lib.php /wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_gallery_display/static/fontawesome/admin38.php this is original content: and And this is the unencrypted content: $auth_pass = “f4eeb83f67a86ea7baaaac13bebe6417”; $color = “#df5”; $default_action = ‘FilesMan’; $default_use_ajax = true; … Continua a leggere
6 Febbraio 2015
di max
4 commenti