MironJ
Comments
Recent activity by MironJ
-
Definitely, I found infected files under plugins too (/wp-content/plugins/libravatar-replace/). Search for "jcache" file or files with "/usr/bin/perl" or "urldecode" content: find . -type f -exe...
-
Excellent, I'm glad to see you found it ;) And immediately update WP, all plugins and themes to the latest available versions and be sure to change WP admin password. Please update this thread if...
-
Well, probably variable names are not the same in every case. But for a beginning, check all "404.php" and "functions.php" files, under every installed theme. PHP code added into theme "functions...
-
OK, I found it. It's the theme "404.php" file with inserted code like this, shortened with dots (.....): [Removed]
-
Update, POST requests that activated these "jcache" processes: 198.71.227.54 - - [12/Jul/2016:05:09:34 +0200] "POST /1.php HTTP/1.1" 200 78088 "-" "Mozilla/5.0 (Windows NT 6.0; rv:16.0) Gecko/2013...
-
Hello, Looks like some WP exploit. We have the same issue on one user account with WP installed. It's an old installation, but the client does not know anything about jcache or something similar. Looking...
-
Hello MironJ, Thank you for your prompt reply, this command shows: Reserved block count: 639986 what does it mean?? It means that 5% (639986 * 4k block size = 2.5 = 5% of 50GB) of the partit...
-
I have suggested reducing reserved space only as a temporary solution. Besides the suggestion from @cPanelMichael, check if you can move some things to some other partition and connect it with symlink u...
-
Hello, Temporarily you can reduce the default 5% of the /root partition reserved for the root user and system services. Check reserved space: tune2fs -l /dev/root | grep "Reserved block count" Reduce ...
-
Happened to me as well. :) I fixed it several times just by re-uploading the complete /home/cpuser/etc folder.