Hello guys! So my friend asked me why his website seems weird on Google and why the meta title seems to be “トリプルフローアイロン”. After checking the request logs on his hosting panel and checking the files on FTP, it’s clear that the website was hacked by someone who wants to position their product / website using unethical methods. Some files (like index.php or ArASEYYo.php in the root folder) have been decrypted, but CyberChef didn’t seem to help with decrypting / deobfuscating the file. My goal is to decrypt these files to see what other files are linked to them and delete all of them (deleting a single file doesn’t change a thing; it appears again). Also, we want to find the attacker.
So here are two questions regarding this topic:
1. Is there a community where people with similar experiences share the malicious files of their websites and cooperate to find solutions?
2. Where should I search for the solutions? I’ve only used “CyberChef” to try decrypting it; are there any other tools you guys recommend?
Thank you in advance,
WordPress site hacked – decrypt files?