The suspicious files could have got added to your account through a security hole in CMS application or its addons/plugins/themes. Such issues could be a result of using outdated plugins and themes. The hackers take advantage of security loopholes in the outdated installations and infect the files. Please clean up infected files using virus/malware scanners. DO NOT delete the files directly as they may be important for your website to function.
Kindly consult your/plugin developer before deleting and ensure that you have a backup on your local computer. In most cases, deleting these files may not be sufficient. You may have to delete the infected theme/plugin and reinstall to the latest version of CMS to fix the issue permanently. Further in case you find that any website is hacked, please restore the website from a noninfected backup.
We always recommend taking the following steps to secure your account:
- Update the plugins, themes and CMS of the sites to latest ones to avoid these issues.
- Check your account for any additional unfamiliar files and remove them.
- Update all scripts (WordPress, Joomla! etc.) and their plugins to the latest secure versions.
- Change your control panel and wordpress admin passwords to a stronger one.
- Ensure all computers used to access your accounts are frequently scanned for viruses and malware.
- Uninstall any plugins, modules or themes you are not using. Even if they are disabled the script resides on the server and can be exploited if there is a vulnerability.
- It is highly recommended to install a paid scanner software in your server for better scanning result.
- We recommend you to perform a malware scan on the server every week.
Please note that PHP has got a lot of very vulnerable and potentially exploitable functions. Hackers have been enjoying these security lapses for a long time. Most of the PHP applications like Joomla, Wordpress, PhpBB, PhpNuke, etc are community developed. These applications may have potential security vulnerabilities and hackers may exploit them. Most of the website hacking is done using vulnerabilities in PHP applications. All community developed PHP applications are patched as & when new vulnerabilities are discovered. So you should upgrade/patch PHP applications on your website from time to time. Failing to upgrade/patch PHP applications in your website is equal to opening a backdoor for the hacker on your website. A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own.
