How can I fix a Malicious web shell at hxxp://(omitted site)[.]us/.wp-admin/wsod

• 

  aranha86 · Member · Jan 25, 2024 at 6:23 pm

  • Copy link
  • Add topic to favorites

  This is the response from our website host:

  Hello,
  We have discovered a malicious web shell being hosted on your network:
  hxxp://(omitted site)[.]us/.wp-admin/wsoditz1.php [IP Omitted]
  Web shells are scripts that attackers upload to compromised web-servers in order to gain remote access. When accessed using a web browser, web shells can allow attackers to upload files, execute arbitrary commands on the server, and send spam. Web shells are often used to create phishing or malware attacks on the compromised server.
  Attackers often attempt to disguise web shells as benign pages. Common techniques include returning a fake 404 page and making the web shell input fields on the page invisible. Please check the attacker is not attempting to hide the web shell before dismissing this report.
  We previously contacted you about this issue on 2024-01-18 11:16:38 (UTC).
  More information about the detected issue is provided at https://incident.netcraft.com/8778cc6085e7/
  Kind regards,
  Netcraft

  Our website is being blocked by this shell attack. I don’t know whether to contact wordpress who we build our site from, or how to even approach both fixing this as well as protecting against it. Thank you!

  The blog I need help with is: (visible only to logged in users)

• 

  helper-heroponriki · Member · Jan 26, 2024 at 4:04 pm

  • Copy link

  Hello!

  Thank you for reaching out to the free support forums for websites hosted on WordPress.com. While your site is not hosted with us, we’re here to guide you in the right direction for assistance.

  Since you’re using the open-source version of the WordPress platform, which operates differently from what we provide on WordPress.com, you can find help at the community forums here:

  https://wordpress.org/support/forum/how-to-and-troubleshooting/

  The community members in the open-source forum are well-versed in these matters and are in the best position to offer support.

  I hope this information helps guide you in the right direction. Feel free to ask if you have any further questions or need more assistance.