Three days ago, when I wanted to access the dashboard of my wordpress website and I entered "holidays-xyz.com/wp-admin/" to access the login page, I got the following error:
This site can’t be reachedholiday-xyz.com’s server IP address could not be found.
Search Google for holiday xyz admin
ERR_NAME_NOT_RESOLVED
I contacted my webhosting provider "inmotionhosting.com " and they made a shell scan. I now received an email with the results as follows:
(see below the email copy)
"Good day Jose,
Thank you for your patience as the scan completed. I'm happy to be able to assist you today.
Unfortunately, the scan did identify some malware/malicious code. The file found in the scan is as follows:
/home/gotooga1/public_html/tele-tooga.com/public_html/wp-content/plugins/wppas/templates/js/ace/mode-php
I recommend reviewing this with your developer or a security specialist. This link to our Support Center article may also assist you:
http://www.inmotionhosting.com/support/ ... rom-a-hack
If you'd like, we can quarantine this file for you, however, we are unaware of how the site will function without this file being accessible, just let us know, if you'd like to pursue that option. Although, if you have a known, clean cPanel backup, then you can upload that to the server and then we will be able to assist you with restoring that backup.
Please let us know if you have any further questions; we are more than happy to help.
Best Regards,
Forrest Ro.
InMotion Hosting
888-321-HOST (4678) Available 24/7
https://www.inmotionhosting.com"
As per the above email, the file found on the scan "/home/gotooga1/public_html/tele-tooga.com/public_html/wp-content/plugins/wppas/templates/js/ace/mode-php " , is very,very long, but just at the begining of it has a line of code {return{token:"comment.doc.tag.storage.type",regex:"\\b(?:TODO|FIXME|XXX|HACK)\\b"} , which looks suspicious(but I do not understand anything about hacking) - Below see it
"ace.define("ace/mode/doc_comment_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text_highlight_rules").TextHighlightRules,s=function(){this.$rules={start:[{token:"comment.doc.tag",regex:"@[\\w\\d_]+"},s.getTagRule(),{defaultToken:"comment.doc",caseInsensitive:!0}]}};r.inherits(s,i),s.getTagRule=function(e){return{token:"comment.doc.tag.storage.type",regex:"\\b(?:TODO|FIXME|XXX|HACK)\\b"}},s.getStartRule=function(e){return{token:"comment.doc",regex:"\\/\\*(?=\\*)",next:e}},s.getEndRule=function(e){return{token:"comment.doc",regex:"\\*\\/",next:e}},t.DocCommentHighlightRules=s}),ace.define("ace/mode/css_highlight_rules",["require","exports","module","ace/lib/oop","ace/lib/lang","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("../lib/lang"),s=e("./text_highlight_rules").TextHighlightRules,o= "
I will appreciate your help in solving the issue
Jose Fernandes
P:S: As a matter of interest:
The website "holidays-xyz.com"(where i can not access the wp-admin page) is hosted with a vps2000 , where I also have other websites. of which one of them is "tele-tooga.com(where the file "mode-php " is located. ???????