If you’re using wordpress, make sure you have somekind of security apps or software running to scan your website constantly for bad files being modified or uploaded by hackers. Probably not a direct upload but maybe a file that you download as legitimate but later was changed to a malicious file by hackers, or if you’re in a shared hosting environment the files might have been transferred to your website because other websites were infected and since you’re in the same server, now you get infected also.
Here’s an example of what WordPress plugin Wordfence found.
- Filename: wp-content/uploads/2014/09/functions10.php
- File Type: Not a core, theme, or plugin file from wordpress.org.
- Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: eval(vF49HI8($vN2MFQ3, $v3RC5V8));?>The infection type is: t5426 infection
Description: A backdoor known as t5426
- Filename: wp-content/uploads/2013/lib.php
- File Type: Not a core, theme, or plugin file from wordpress.org.
- Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: eval(vFU7YXX($vZJMCPT, $vD2SGJH));?>The infection type is: t5426 infection
Description: A backdoor known as t5426