Hello,
Imunify360 found a file from you that was marked as malware. The content of the file:
Code <?php
@unlink(__FILE__);
// Validate if the request is from Softaculous
if($_REQUEST['pass'] != 'hsniaemokfj7tzvmdge2mphcterbbsne'){
die("Unauthorized Access");
}
require('wp-blog-header.php');
require('wp-includes/pluggable.php');
$user_info = get_userdata(1);
// Automatic login //
$username = $user_info->user_login;
$user = get_user_by('login', $username );
// Redirect URL //
if ( !is_wp_error( $user ) )
{
wp_clear_auth_cookie();
wp_set_current_user ( $user->ID );
wp_set_auth_cookie ( $user->ID );
$redirect_to = user_admin_url();
wp_safe_redirect( $redirect_to );
exit();
}
If I remove WP install from softaculous records and import it again it does create a file with name:
sapp-wp-signon.php
With this content:
Code <?php
@unlink(__FILE__);
// Validate if the request is from Softaculous
if($_REQUEST['pass'] != 'sxuvrczvqqgxyubpnyo1amg8uqvgnwkv'){
die("Unauthorized Access");
}
require('wp-blog-header.php');
require('wp-includes/pluggable.php');
$signon_user = '';
//Backword compatibility ($__setting['signon_username'] won't be there in previous versions <= 5.2.3)
if(!empty($signon_user) && !preg_match('/^\[\[(.*?)\]\]$/is', $signon_user)){
$user = get_user_by('login', $signon_user);
}else{
$user_info = get_userdata(1);
// Automatic login //
$username = $user_info->user_login;
$user = get_user_by('login', $username);
}
// Redirect URL //
if ( !is_wp_error( $user ) )
{
wp_clear_auth_cookie();
wp_set_current_user ( $user->ID );
wp_set_auth_cookie ( $user->ID );
$redirect_to = user_admin_url();
wp_safe_redirect( $redirect_to );
exit();
}
I was not able to auto login to the site after the import. I also tried a couple of other sites/customers and auto login is not working anymore?!
I also found this:
https://gist.github.com/bi0xid/60803a9cca862888b15d94bf46774fb3
Please check this asap.
|