Since 7.11 I have been fighting repeated attacks on our website
I installed the free version of the Wordfence plugin, which helped me remove some vulnerabilities, but the attacks continued. The scan found 48 new findings, 39 critical and 9 high severity.
Some parts of the findings were categorized as backdoor PHP/a1b2.15070.
I cleaned the site, no findings were detected.
I have Eset antivirus installed on my laptop, which is still blocking me from communicating with https://hudbaaslovo.cz.
On the morning of 16.11. new findings appeared
Critical issues:
- File appears to be suspicious or dangerous: wp-includes/blocks/legacy-widget/.e733b7df.css
- File appears to be suspicious or unsafe: wp-includes/load.php
- File appears to be suspicious or unsafe: index.php
Problems of high severity:
- Unknown file in WordPress core: wp-includes/blocks/legacy-widget/.e733b7df.css
- Modified WordPress core file: index.php
- Modified WordPress core file: wp-includes/load.php
All findings have been removed or corrected.
This morning (18.11.) scan detected 31 findings in which several backdoors were identified.
PHP/lfi.11719
PHP/SerializeIt.A.13398
PHP/commented.13352
PHP/RCE.obfuscated.11616
PHP/commented.13385
Can you advise me how to proceed to get rid of similar attacks? No unwanted activity is visible in activite.log.
Thank you
Luboš