Raff
Active Member
I suggest that you always update your WP, Themes and Plugin.
All my websites on my server was infected by malware called "wp-vcd".
Read more about this Malware: https://medium.com/@cirku17/wp-vcd-malware-analysis-7c5dbaad89c3
https://otx.alienvault.com/pulse/596e1049fbe8a2174f3af765/
I noticed the malware on Aug 21, i visited my website using my iphone and i was shocked when a pop up ads and onclick ads appear on my website.
That time i knew that there's something wrong, i knew that i must be an injected script or code.
So i scan my server files, i sort all files by "Last Modified" and i found a suspicious file on core files of wordpress named "wp-vcd.php"
I made a research about this malware to know more about this and what are the files that infected by this malware or what files are other files are uploaded to my server.
So i found out that there are two injected files on every website server: wp-vcd.php and class.wp.php (located at wp-includes)
and there are two edited files on every website on my server: post.php (located at wp-includes) and functions.php (themes folder).
Then i delete all the injected files and restore the original functions.php and post.php and updated my WP to latest version, i also installed Anti Malware plugin so it will notify me when theres suspicious files on my server.
I want to share this so in case you experienced this on your website, you know what files to delete and restore.
All my websites on my server was infected by malware called "wp-vcd".
Read more about this Malware: https://medium.com/@cirku17/wp-vcd-malware-analysis-7c5dbaad89c3
https://otx.alienvault.com/pulse/596e1049fbe8a2174f3af765/
I noticed the malware on Aug 21, i visited my website using my iphone and i was shocked when a pop up ads and onclick ads appear on my website.
That time i knew that there's something wrong, i knew that i must be an injected script or code.
So i scan my server files, i sort all files by "Last Modified" and i found a suspicious file on core files of wordpress named "wp-vcd.php"
I made a research about this malware to know more about this and what are the files that infected by this malware or what files are other files are uploaded to my server.
So i found out that there are two injected files on every website server: wp-vcd.php and class.wp.php (located at wp-includes)
and there are two edited files on every website on my server: post.php (located at wp-includes) and functions.php (themes folder).
Then i delete all the injected files and restore the original functions.php and post.php and updated my WP to latest version, i also installed Anti Malware plugin so it will notify me when theres suspicious files on my server.
I want to share this so in case you experienced this on your website, you know what files to delete and restore.