This is a story of a hosting company which had troubles with infection of CryptoPHP on their servers. They first saw some emails being sent from their server into spam.
They were concerned about it, and with a lot of hard work they found the source of the infection.
What is CryptoPHP?
CryptoPHP is an infection that has been around a long time ago, but lately, he started to become more famous. The hackers use this method to infect the sites of the victims, who use content management system like WordPress, Joomla or Drupal. The problem begins when the administrator of the website thinks he is saving some money by downloading some free themes or plugins, but here is the complete opposite. He is not saving money, he is losing them. On the free themes a.k.a nulled themes or plugins, the hackers change the license code which gives them access to the website. @notesfromuk
The code looks like this
“<?php include(‘assets/images/social.png’); ?>”
If you have a little bit knowledge in PHP programming the code may look suspicious to you. In fact the root of “social.png” possess a code in itself that gives the hacker direct access to your website. They may abuse your site for different purposes like Black-Hat (they put a shell in your website, and then sell it), SEO, or even sending spam from your website.
What did the company ?
First, they have scanned all the files on the server where they found the source of infection of CryptoPHP, and then they denied the access into Nulled Scripts. Then after they deleted the infected files, and notified the clients about the issue, the company took some serious steps on security that this is not going to be repeated. They added advanced real-time software security to protect against new infections and updated the malware scanning tool to find affected data more quickly. Website
What should you do?
On the WordPress dashboard, you should check if there’s a new Administrator that you didn’t add. Look for files in your server via FTP client, if there’s a new file. Anyway, that may look boring, but there’s another way to check for viruses on your website.
What do we suggest?
The hosting company that issued this problem, and also we, suggest to not use Themes or Plugins that are on market, and you can find them for free because they have security bugs. As the old man’s said, Nothing is free. I think it’s better to use a free WordPress theme, like I am doing than using a premium nulled theme. Maybe there’s is someone that uses nulled WordPress Themes and didn’t have a problem, and thinks that this post is bullshit. But again your wrong. Maybe the hacker is waiting for you to make your site famous, and then he will do his thing?. Who knows?
Read more about How To Unblock Torrent Sites In India?