Hi All,
I’m getting the following notification after a recent scan regarding a file called signup.php. I’ve deleted the file signup.php with the help of my host company. I have a couple of questions please.
1) Should I have deleted it? I hope so, because I tried to save a copy of the php code in a *.txt file, but my virus software immediately deleted it. So, I don’t have a copy of the php code.
2) Was it enough to just delete signup.php? Or is there anything else I need to do to clean my site?
3) How did this malicious php file end up on my website? I thought WordFence blocked this kind of attack.
Thanks for the help! I really appreciate it.
Andrew
=== NOTIFICATION ========
Filename: signup.php
File Type: Not a core, theme, or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: function_exists(‘exec’)){ @exec($code,$res);The issue type is: Backdoor:PHP/nobodycrew.3414
Description: A backdoor known as nobodycrew