• GoDaddy Community
  • Using WordPress

    • Using WordPress

    cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    lukemac
    New
    ‎07-16-2018 10:14 AM
    ‎07-16-2018 10:14 AM

    File appears to be malicious: wp-content/mu-plugins/gd-lib.php

    Hi All,

     

    Having an issue where when a user does a google search for my website, it appears but the links seem to be correct but when you click on them it brings you to a site selling drugs.

     

    I have installed wordfence and it is notifying me that there the File appears to be malicious: wp-content/mu-plugins/gd-lib.php

     

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: setcookie('engine_ssl_. The infection type is: Backdoor used to remotely control server.

     

    Any one any ideas if this is a false positive or is there an issue

     

    Product:
    0 Kudos
    Reply
    3 REPLIES 3
    Muse
    Super User 2020 Super User 2020
    Super User 2020
    ‎07-17-2018 02:50 PM
    ‎07-17-2018 02:50 PM

    @lukemac

     

    In your post I provided a link to check for security issues.  Did you try that?  Go to this link and run a test to find out for sure. 

     

    If in fact you are hacked the site has to be cleaned.  GoDaddy does offer this service as well.

     

    HTH! 😉

     

     

     

    Judith
    "No guts, no story." ~ Chris Brady

    Reply
    Bensharp
    New
    ‎08-17-2018 03:37 AM
    ‎08-17-2018 03:37 AM

    I'm using Wordfence to scan my site and it is alerting me to potentially malicious code: 

     

    • Filename: wp-content/mu-plugins/gd-lib.php
    • File Type: Not a core, theme, or plugin file from wordpress.org.
    • Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: setcookie('engine_ssl_. The infection type is: Backdoor used to remotely control server.

    HOWEVER, every time I remove the file it completely disables my site, and I'm unable to access my WP dashboard The only way to restore the site is to roll back to a previously saved version via my Godaddy backup service. 

     

    Is this actually malicious code or is it a file installed by Godaddy?

     

    Any help much appreciated.

    Ben

    0 Kudos
    Reply

    You may also like...