Hello,
A routine scan of your account has found the malicious or infected files present.
/wp-includes/images/smilies/credits.php
/wp-includes/images/crystal/links.php
/wp-includes/images/crystal/cache.php
/wp-includes/images/wlw/capabilities.pl
/xxxxx/wp-includes/images/crystal/users.php
/xxxx/wp-includes/images/crystal/cache.php
/xxxxx/wp-includes/images/wlw/sidebar.pl
/xxxx/wp-includes/images/wlw/media.php
/xxxxx/wp-includes/images/smilies/gettext.php
/xxxxxx/wp-includes/images/smilies/pattern.php
/xxxxxx/wp-includes/images/crystal/link.pl
/xxxxxx/wp-includes/images/crystal/widgets.php
As a result, we have had to suspend your account, to avoid problems for site visitors or other customers. Please remove the malicious files, through FTP or the file manager. Also, databases must be checked for WP_CLIENT_KEY in the options tables and that entry must be removed.
We also strongly recommend that change your password through the control panel for the account, and most importantly, you need to make sure any applications in your account are completely up-to-date as far as versions, security patches, etc. are concerned. This applies not just to the core application, but also plugins, themes, modules, etc. ** If this is not done, your account will remain vulnerable to future attacks of this kind. **
Please take appropriate actions and reply back to us so that we can activate your account.
Sincerely,
Rashmi P
i ajd ove fajlove obrisem sto su označili ali nemam pojma sta da radim sa databazom.
to im i napisem oni mi kazu da ce opet skenirat sajt i posalju mi ovo
I have rescanned your account and still found the malicious or infected files ‘/xxxxxxxx/wp-content/themes/atahualpa/functions.php’. Please remove the malicious codes/files through FTP or the file manager and get back to us so that we can enable your account.
You can check the database by following the steps given below:
- You can access the table wp_options in MySQL database through phpMyAdmin ( if you are using wordpress multisite it will be also on wp_10_oprions as well ) .
- look into the rows of this table for strange encrypted values WHERE
option_name
like (“wp_data_newa”,“WP_CLIENT_KEY”) and delete the malware content in the table.
ja obrisem ovaj fajl iako po mojoj pretpostavci satn nece radit jer sam temi obrisala functions.php fajl
ali u ove redove u mysql gledam i nista mi jasno nije 5 sajtova mi čitav dan nedostupno sta da činim zna li ko?