Just recently, I had another attack. My hosting provider put my site on hold for a while so I could clean up the issues. They also offered a ‘security 911’ option that I could pay for and get ‘out of jail’. They also provided a list of ‘infected’ files that I needed to delete. There were like 120 of them.
I proceeded to delete all of the files, and noticed that they had a common theme. Most were *.php files. The names indicated they were old files, like some plugin upgrade renamed them. Many had the prefix ‘prev’, or suffix ‘old’.
I deleted all of the rogue files and I am back in business. If you had trouble with my site, I apologize.
Would a hosting provider ever purposely add malware or hold a site hostage? I do not think so now, but it did cross my mind while I was attempting to delete over 100 files. I have since read about the situation on the web and confirmed. Since I had already upgraded my account when they shut it down, I do not think I was ever at risk.
I received this message from my hosting provider:
“We wanted to let you know about a recent security vulnerability regarding the UpdraftPlus plugin for WordPress that you installed on your account.
More information about this vulnerability is available online:
http://blog.sucuri.net/2015/02/advisory-dangerous-nonce-leak-in-updraftplus.html
FOR YOUR PROTECTION …
We are in the process of upgrading your install to the patched version of UpdraftPlus, but now is a good time to ensure that your site is using the latest versions of all plugins or add-ons.
To be clear, the hosting platform was not compromised; as the security vulnerability regarding the UpdraftPlus plugin for WordPress became known, we simply took immediate steps to ensure the online safety of all our customers.
If you have any questions at all, please don’t hesitate to contact us:”
Have you ever had a malware issue? Or any attack on your blog?