Recurrent Malware Problem at Ionos Hosting Provider
- $300
- Proposals: 16
- Remote
- #4139901
- OPPORTUNITY
- Expired
Description
Experience Level: Intermediate
Description of the Problem:
Repeated malware attacks are affecting several WordPress sites hosted on the same FTP space with the Ionos hosting provider. These attacks manifest as unauthorized modifications to files, particularly wp-config.php, and the addition of suspicious PHP files at the root and in various folders. The host's response has been to modify file access rights, which has not definitively resolved the issue.
Examples of Undesirable Modifications:
Insertion of suspicious lines in wp-config.php (example: $rs5 = "/kunden/.../.edbfcdf9.ccss";@include_once /* q5 */ ($rs5);)
Addition of PHP files such as index.php, options.php, themes.php, wp-login.php in various folders (.local, .wp-cli), with content similar to that found in wp-config.php
Current Countermeasures:
SSH Script for Resetting: Execution of a script to remove and reinstall the wp-admin and wp-includes folders, deletion of PHP files (except wp-config.php), and readjustment of permissions.
Manual Cleaning of wp-config.php: Manual removal of lines added by the malware in wp-config.php.
Specific Request to the Security Expert:
In SSH:
#!/bin/bash
# Remove the core folders and the root-level PHP files (wp-config.php is kept)
rm -rf wp-admin wp-includes && find . -maxdepth 1 -type f -name "*.php" ! -name "wp-config.php" -exec rm -f {} +
# Download the WordPress core without content
wp core download --skip-content --force
# Remove the wp-config-sample.php file (no error if it is absent)
rm -f wp-config-sample.php
# Change permissions for folders and files, one pass after the other so both finish before the script exits
find . -type d -exec chmod 755 {} +
find . -type f -exec chmod 644 {} +
In-Depth Analysis: Examine attack vectors, server logs, plugins, themes, and security configurations.
Root Solution: Propose a comprehensive strategy to eliminate the malware and prevent future attacks.
Advanced Expertise: Advanced understanding of WordPress hosting environments and specific challenges related to Ionos is required.
Additional Context for the Expert:
Attack History: Several attempts at resolution by different developers have not been successful. The Ionos host has taken measures, but the problem persists.
Impact on the Sites.
"The relevant WordPress folders"
kolia
nextcocoon
storelyst
storelyst/maisonezinris
storelyst/merchant/ecoleducoiffeur
storelyst/merchant/flawlaceparis
storelyst/merchant/orahparis
storelyst/merchant/-sneakersandgo
storelyst/merchant/vianacosmetiques
storelyst/merchant/cubanohair
storelyst/merchant/orahparisacademy
storelyst/merchant/stellayato
storelyst/merchant/dreamvirginhair
storelyst/merchant/jardindepaix
storelyst/merchant/nkmacademy
storelyst/merchant/stellayatoacademy
storelyst/merchant/dulcebolosso
storelyst/merchant/fannysbeauty
storelyst/merchant/lambertbeauty
storelyst/merchant/nkminstitut
storelyst/merchant/secureacademy
storelyst/merchant/testeur
storelyst/pay
libotta
samlyhair
stylebyep
vanessahayes
boya
dacry
sbdrteam
demo
jardindepaix
orahparis
therlandeglow
edsar
jardindepaix-old
lollaparis
orahparis-
slayandslim
thevenuse
yolandahair
elleryse
kellyhair
mbcoiffure
slimeaa
tmstudio
fannyparis
klesis
misterclim
queenhair
stellayato
trinity
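The reset script above does not look at wp-config.php, dot-directories or dot-files, which is where the posting reports the injected content. The following is an added example, not the client's script: a read-only scan for those indicators. The function names, the demo tree and the assumption that the included dot-file contains PHP are hypothetical.

```shell
#!/bin/bash
# Added example (not the client's script): read-only scan of WordPress
# folders for the indicators listed in the posting. Nothing is modified.

# Lines in wp-config.php with an error-suppressed include, or an include whose
# target is a variable, as in the posting's `@include_once /* q5 */ ($rs5);`.
scan_wp_config() {
    [ -f "$1/wp-config.php" ] || return 0
    grep -nE '@[[:space:]]*(include|require)|(include|require)(_once)?[^;]*\$[A-Za-z_]' \
        "$1/wp-config.php" || true
}

# PHP files inside dot-directories such as .local and .wp-cli.
scan_hidden_dirs() {
    (cd "$1" && find . -type f -name '*.php' -path '*/.*/*' | sort)
}

# Dot-files that contain a PHP open tag (assumption: the included
# ".ccss"-style file is PHP despite its extension).
scan_hidden_php() {
    (cd "$1" && find . -type f -name '.*' -exec grep -lF '<?php' {} + | sort) || true
}

# Build a constructed sample tree so the scan can be tried offline.
make_demo_tree() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/.wp-cli" "$d/wp-content"
    printf '%s\n' '<?php' \
        '$rs5 = "/constructed/path/.sample.ccss";@include_once /* q5 */ ($rs5);' \
        "\$table_prefix = 'wp_';" \
        "require_once ABSPATH . 'wp-settings.php';" > "$d/wp-config.php"
    echo '<?php // constructed' > "$d/.wp-cli/options.php"
    echo '<?php // constructed' > "$d/.sample.ccss"
    echo '<?php // constructed' > "$d/wp-content/index.php"
    echo "$d"
}

# Usage: ./scan.sh kolia nextcocoon ...   (no arguments: scan the demo tree)
[ "$#" -gt 0 ] || set -- "$(make_demo_tree)"
for site in "$@"; do
    echo "== $site"
    scan_wp_config "$site"; scan_hidden_dirs "$site"; scan_hidden_php "$site"
done
```

A hit shows where injected content currently sits; it does not show how it was written, so the results are a starting point for the log and plugin review the posting asks for.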