Found weird File

Informal
1

I just found a random file on my Website and ig it is a Shell bypass what should i do did i get hacked?

image

2

Are you allowing users to upload files to your website?

2 Likes
3

Hi and welcome to the forum! I suggest you change the password of your hosting account and delete the file you think it’s uploaded by the hacker as soon as possible. Also, make sure your software is downloaded from a reputable source.

10 Likes
4

Change the password of your account as fast as possible and delete the file. It’s a real possibility that you got hacked.

3 Likes
5

Yes, it seems very likely to me that your site got hacked. Especially if you checked the code and found it was malicious.

If you want to do it properly, here is what you’ll want to do:

  1. Remember that your site has been compromised. Attackers were able to write files to your account. They may have also been able to read files. So assume that any file in your account may have been seen or modified. It’s very common for viruses to leave a backdoor in the system so they can attack again. If you want to secure your site, you’ll need to pull out the malware, roots and all.
  2. The first step is to reset your hosting account password, and any other credentials the attacker may have had access to.
  3. Then it’s useful to download a backup of your site. Be careful with it, know that it’s still infected.
  4. Then, wipe your entire account. Delete all the files. Better yet, remove your domains from it and deactivate the entire account so you can start over.
  5. Now you can reinstall your website. Download fresh copies of the latest versions from the original source to install it with. Do not restore any files from your backup, it may still contain malware you didn’t find.
  6. Finally, you can try to transplant some content from your backup to restore your site. Be very careful with anything that could possibly contain malware, backdoors or other things you don’t want. The less you do with backups, the better.

This is basically the most thorough and secure way. You can skip some parts if you want, but beware of the risks you’re taking by doing so.

9 Likes
6

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.