Replies: 0
Hi,
My website was hacked some weeks ago. After some cleaning and security measures it has been pretty calm; no more admin users created nor email accounts in Cpanel. But I wonder how can I be sure?
In the Live Traffic tab in Wordfence I noticed that some coinciding attempts to login were coming from the Netherlands. And I noticed that one of the blocked attempts was this one:
https://delasciencealassiette.fr/ubpxwlwy.php?Fox=d3wL7
Can anyone explain why a .php file different from the usuals “.aws/credentials” or “info.php” or “config.js” attempts?
Can you help me to know what I can do to be assured that there are no infected files that the scan might be missing?
Grateful
Rod