AnonymousFox exploits WordPress websites via vulnerable files to gain access to administrator accounts and root access to the server. With root file access, AnonymousFox can easily escalate to your hosting cPanel account by editing the contact address and resetting the cPanel account password. Keep in mind that with cPanel access AnonymousFox can cross-contaminate other websites.
The cleaning process can be lengthy and complex, and you are probably better off seeking help from your hosting provider or from security experts like us. Any residue left behind can re-contaminate your website(s).
Via our security plugin Spam Master from spammaster.org, available free for WordPress (plugin directory download link), we were able to track AnonymousFox WordPress entry points (there might be more) requested from Czechia IPs. You should check whether these files exist in any of your WordPress installation(s).
*** Disclaimer *** If you are not an expert, please do not delete files without consulting your hosting provider or security experts.
- /wp-content/plugins/wpdiscuz/themes/default/style-rtl.css
- /wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
- /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
- /wp-content/langar.php
- /test.php?Ghost=send
- /config.php
- /upload.php
- /up.php
- /wp-includes/small.php
- /wp-includes/lfx.php
- /wp-content/mu-plugins/db-safe-mode.php
- /legion.php
- /wp-content/wp-old-index.php?action=login&pass=-1&submit=
- /haders.php
- /wp-content/plugins/wpconfig.bak.php?act=sf
- /wp-content/plugins/ubh/up.php
- /wp-includes/css/wp-config.php
- /wp-content/plugins/config.bak.php
- /wp-content/themes/config.bak.php
- /wp-includes/config.bak.php
- /wp-content/config.bak.php
- /wp-admin/config.bak.php
- /config.bak.php
- /old-index.php
- /wp-includes/css/css.php
- /wp-includes/fonts/css.php
- /wp-1ogin_bak.php
- /wp-content/wp-1ogin_bak.php
- /cindex.php
- /wp-booking.php
- /alfa.php
- /alfindex.php
- /th3_err0r.php?php=https://rentry.co/yu8xc/raw
- /larva.php?idb=https://rentry.co/yu8xc/raw
- /wpindex.php?idb=https://rentry.co/yu8xc/raw
- /xmlrp.php?url=https://rentry.co/yu8xc/raw
- /wp-content/plugins/ioptimization/IOptimize.php?rchk
- /wp-content/db_cache.php
- /wp-content/plugins/backup_index.php
- /boom.php?x
- /?3x=3x
- /index.php?3x=3x
- /admin.php
- /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello
- /moduless.php
- /style.php
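
One way to run the check described above across every WordPress installation under a hosting account, as an added example that is not part of Spam Master or of the original post. The function names and the sample list (a few entries copied from the list above) are assumptions of this sketch; a hit is a file to review with your host, not to delete automatically.

```python
import os
import sys
from urllib.parse import urlsplit

# Constructed sample: a few entries copied from the list above. Paste the
# full list in the same "- /path?query" form for a real check.
SAMPLE_LIST = """\
- /wp-content/langar.php
- /test.php?Ghost=send
- /wp-includes/css/wp-config.php
- /config.bak.php
- /index.php?3x=3x
- /?3x=3x
"""

# index.php ships with every WordPress install, so its presence says nothing;
# list entries for it are request patterns to look for in access logs instead.
CORE_FILES = {"index.php"}

def parse_entries(text):
    """Turn list lines into unique relative file paths, query strings dropped."""
    paths = []
    for line in text.splitlines():
        entry = line.strip().lstrip("-").strip()
        if not entry.startswith("/"):
            continue
        rel = urlsplit(entry).path.lstrip("/")
        if rel and rel not in CORE_FILES and rel not in paths:
            paths.append(rel)
    return paths

def find_installs(base):
    """Yield each directory under base that holds wp-includes/version.php."""
    for root, _dirs, _files in os.walk(base):
        if os.path.isfile(os.path.join(root, "wp-includes", "version.php")):
            yield root

def scan(base, list_text=SAMPLE_LIST):
    """Return sorted (install_root, relative_path) pairs for listed files found."""
    wanted = parse_entries(list_text)
    hits = [(install, rel) for install in find_installs(base)
            for rel in wanted if os.path.isfile(os.path.join(install, rel))]
    return sorted(hits)

if __name__ == "__main__":
    for install, rel in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"REVIEW {install}: /{rel}")
```

Run it against the account's home directory rather than a single site, since one compromised site can contaminate the others on the same cPanel account.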