Random html files are generated on my domain's htdocs folder - malware?

  • Hi all,


    I am writing in this forum as I am an active user of I-MSCP :-).


    One month ago, I noticed a random HTML file listed in one of my domain's htdocs root folders. The file is only present in one of my 5 domains.


    The file name is always "csvjsjd.html".


    The content is always the same:



    At first, I just deleted it but it gets recreated. In some cases a PHP file is created, too. The way the URL is created looks like somebody is trying to hide the target, i.e. it seems to be malware.


    I have no deep Linux skills to analyze the cause of it. WordPress is running in this particular domain, no other areas of my root server are affected. So, it seems that the malware cannot leave the "userspace" of the domain.


    Any help appreciated :-).



    Thanks!

  • Is WordPress updated to the latest release?

    Are your plugins and themes updated to the latest release?

    Did you install some security plugins like WordFence?


    Your site has been hacked. How and when... who knows…

    But if you have a WP site it's up to you to maintain it always secure and always up 2 date.


    Then:

    - Change your FTP account passwords

    - Change MySQL User Password

    - Change WP Admins Passwords

    - Activate 2FA for every Admin account


    Bye Kess.

  • WordFence


    I advise against this plugin to whoever I can. Not only does it build the false impression that the site is secure, it also often creates additional security risks.


    In practice, situations such as those described by the author of the topic may result from outdated or abandoned plugins or the entire WordPress installation. Usually in this case you need to virus-scan the whole installation and remove excess files, but in practice I recommend doing it this way:


    1. Save the wp-config.php file and the wp-content folder, delete the rest

    2. Review manually all folders and files that we saved in the first step; you can be guided by the modification dates of files or unusual names

    3. Download the latest WordPress and unpack it in the pages folder, supplement with the previously saved wp-config.php and wp-content
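
Added example, not part of any post above: a POSIX shell script that supports the manual review in step 2 by listing recently modified files, PHP files under `uploads/` (which normally holds only media), and files whose names look machine-generated like "csvjsjd.html". The function names, the 30-day default and the consonant-only name heuristic are assumptions made for this example.

```sh
#!/bin/sh
# Added example: triage helpers for a saved wp-content folder.
# Usage (path is an assumption): sh triage.sh /path/to/saved/wp-content 30

# Files modified within the last N days (default 30).
recent_files() {
    find "$1" -type f -mtime "-${2:-30}" -print
}

# PHP-executable files under uploads/, where normally only media is stored.
php_in_uploads() {
    [ -d "$1/uploads" ] || return 0
    find "$1/uploads" -type f \
        \( -iname '*.php*' -o -iname '*.phtml' -o -iname '*.phar' \) -print
}

# Heuristic (assumption): .php/.html files whose base name is six or more
# consonants with no vowels, the pattern of "csvjsjd.html" from the thread.
odd_names() {
    find "$1" -type f \( -name '*.php' -o -name '*.html' \) -print |
        grep -E '/[bcdfghjklmnpqrstvwxz]{6,}\.(php|html)$' || true
}

# Run the three checks only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "== modified in the last ${2:-30} days =="
    recent_files "$1" "${2:-30}"
    echo "== PHP files under uploads/ =="
    php_in_uploads "$1"
    echo "== unusual file names =="
    odd_names "$1"
fi
```

Every hit is a candidate for manual inspection, not a verdict: legitimate plugin updates also change modification times, and an attacker can reset them.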