We engaged an external web development agency to build a website on WordPress. A week before we were due to unveil the website, our in-house developer Ching Tong discovered malicious code that could delete everything on the website. What are the consequences? You lose all your files, there is plenty of finger-pointing, and there is no website in place. To help others avoid this, Ching Tong has summarised the incident and suggested ways to dodge these attacks.
But first, what is malicious code?
Malicious code is a kind of computer code or web script that cannot be detected by anti-virus software alone. Compared to a virus, which requires a user to run a program in order to cause damage, malicious code is an auto-executable application. Such code can give the attacker an opportunity to wipe out a computer’s data or install spyware.
Discovery
- The issue was first flagged to us by the WordPress plugin “Defender Security, Monitoring and Hack Protection”.
- The plugin was able to scan WordPress files by comparing them with WordPress core files.
- A certain suspicious file was one of the files highlighted as an unknown file in WordPress core files.
- Further investigations were conducted to review the contents of this suspicious file.
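As an added illustration (not part of the original post and not the Defender plugin's own code), the comparison described above can be sketched in Python: hash the site's core files against a clean copy of the same WordPress version and list anything unknown or changed. The directory names, the SITE_ONLY allowlist and the sample file names are assumptions constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")      # wp-content is site-specific, so it is skipped
SITE_ONLY = {"wp-config.php", ".htaccess"}   # assumed legitimate files absent from a clean download

def core_files(root):
    """Map relative path -> SHA-256 for files in the web root and the core directories."""
    root = Path(root)
    paths = [p for p in root.iterdir() if p.is_file()]
    for name in CORE_DIRS:
        if (root / name).is_dir():
            paths += [p for p in (root / name).rglob("*") if p.is_file()]
    # Files are only read as bytes and hashed; nothing is executed or requested over HTTP.
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in paths}

def compare(reference_root, site_root):
    """Compare a site against a clean copy of the same WordPress version."""
    ref, site = core_files(reference_root), core_files(site_root)
    return {
        "unknown": sorted(set(site) - set(ref) - SITE_ONLY),   # not shipped with core
        "modified": sorted(f for f in site if f in ref and site[f] != ref[f]),
        "missing": sorted(set(ref) - set(site)),
    }

def write_tree(root, files):
    """Create a directory tree from a {relative path: text} mapping."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Run the comparison on two small constructed trees (not real WordPress files)."""
    clean = {"index.php": "<?php // front controller", "wp-admin/admin.php": "<?php // admin",
             "wp-includes/version.php": "<?php $wp_version = 'x.y';"}
    site = dict(clean)
    site["wp-config.php"] = "<?php // site settings"
    site["wp-includes/class-wp-cache-old.php"] = "<?php // constructed stand-in for an unknown file"
    site["wp-admin/admin.php"] = "<?php // admin, edited"
    site["wp-content/uploads/logo.png"] = "not core, ignored"
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp) / "clean", clean)
        write_tree(Path(tmp) / "site", site)
        return compare(Path(tmp) / "clean", Path(tmp) / "site")

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Files reported as unknown or modified are the ones to copy off the server and review offline.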
What can the mysterious file do?
- The suspicious file contains code that can delete all files within the WordPress directory and drop all tables in the database.
- Upon accessing this file through the web browser via [hostname]/[file_name], any malicious code hidden in this file runs instantly.
- Using the Linux command-line editor “nano” to review the contents triggered the malicious code as well.
Suggestions
- A safe approach is to open files of this sort on a local drive using a text editor like Atom or Sublime.
- Review files that have been highlighted as unknown files in WordPress core files.
- Change any keys and passwords that were provided by others, and do not keep using them.
- Always keep an up-to-date backup copy of files.
We hope this helps. Remember, all it takes is one rotten file to bring a website down.
Written by Liwen and Ching Tong