How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask jhannell Your Own Question
jhannell
jhannell, Computer Hardware Engineer
Category: Mac
Satisfied Customers: 8480
Experience:  Experience in Windows environment. ASP, Visual Basic, Ajax
14934061
Type Your Mac Question Here...
jhannell is online now

I have just received notification from Fasthosts that my website

Resolved Question:

I have just received notification from Fasthosts that my website has been compromised and therefore they have taken it off line. I followed their recommendations to identify the compromised files (/user/security_health_check.log) and have found two files which appear to be causing the problem (details below). However, I don't know what to do with them. I can get access to the site via the FTP server. Can I just delete them?
I have a regular Wordpress Database Backup update, however I am not sure that this would apply to these files which seem to be more to do with the functioning of WP rather than the data content.
/DANGEROUS URL REMOVED-1079767770/user/htdocs/wp-content/themes/twentyfourteen/fdj9wvqm.php
/DANGEROUS URL REMOVED-1079767770/user/htdocs/wp-content/themes/twentyeleven/dz3ckt2m.php
This is confirmed in the summary
SUMMARY ] [/DANGEROUS URL REMOVED-1079767770/user/htdocs/] [Compromises: 2 potential hits, Average score=5/5, Highest
Submitted: 1 year ago.
Category: Mac
Expert:  jhannell replied 1 year ago.

hello sir/madam,

these two files are not part of the twentyfourteen and twentyeleven theme. this is a well known issue called CryptoPHP backdoor infection which creates files on server with random filenames. you just need to delete those files and you will be safe again.

Customer: replied 1 year ago.

Brilliant. Thanks for your speedy help

Expert:  jhannell replied 1 year ago.
you are welcome.
jhannell and 2 other Mac Specialists are ready to help you