So I’ve found these random php files on my sites … and i think it’s a php injection attack. I delete them the files and the folders filled with thousands of asian character html files and they come back the next day. I have iThemes securtiy /wordfence and a malware scanner thing… but the always come back. I’m at my wits end. How do I rid myself of this scourge!
Since you have iThemes, do you have any backups prior to the attacks.
I’ve only got this after the attack
Sorry to hear but in my experience, no plugin can clean your directories if attacked. I have had this situation with 2 of my client’s websites and the case was same multiple folders were there in the root of them. I deleted them once but next day all were back. The reason i found was in .htaccess file. If the site is of WordPress then i suggest you to first check these files at the root of site .htaccess, index.php and delete any unwanted script/code you find in there. Update the wp-admin, wp-includes folders to the version of WP you are using. Delete all the unwanted folders once and hopefully they won’t come back.
In worst case if you are unable to fic this then call your hosting administrator and ask them if a backup can be made before they restore the website for you.
Good Luck!
Oh … thanks. I’ll take a look at the .htaccess files. Is there a server search option? that I can search thought all the sites for any rouge .htaccess files hidden where the arn’t suppose to be.
On second thought I might just pay someone to do it for me. Can I cerate a project on Evanto Studio and people bid on it?
People don’t bit on Envato Studio projects. Instead you choose a provider by sending them an enquiry or buying their service. Good luck with the project! 
Oh … thanks. I’ll do some digging.
thanks again
Search for “Malware” on Envato Studio. There’s a few providers who are experienced with this and can help you get up and running.
Also change all your passwords right now, then change all your passwords again once the Envato Studio provider has finished cleaning up. Good luck!
Malware removal on Envato Studio: https://studio.envato.com/search?utf8=✓&search[query]=malware
1 Like
Hi,
Usually these attacks are generated by installed plugins.(In particular plugins free from suspicious sites or pirated.) Reminder plugins you have installed lately.
Also look what permissions you set to server (777 - is WRONG and vulnerable) . Normally the database is not affected.
The only way you can get rid of these attacks is to clean (delete) everything to check your server settings and use a CDN service to mask your nameservers , install all again, and import all content and database.
Good Luck,