Trojan Attacks

Dear All,

I am running WordPress (latest) on Windows 2003 with MySQL server as usual. Lately someone is trying to drop a trojan onto my server. The message below is what I get in the Event Viewer:

Name: Backdoor:PHP/SimpleShell.A
ID: 2147684280
Severity: Severe
Category: Backdoor
Path: file:_C:\WINDOWS\Temp\phpF0.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF2.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF4.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF6.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF8.tmp->[PHP];file:_C:\WINDOWS\Temp\phpFA.tmp->[PHP]
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: servername\IUSR_servername
Process Name: C:\Program Files\PHP\php-cgi.exe

Disabling File_Upload in php.ini solves the problem, but I need uploads to be enabled so my students will be able to upload files to WordPress.

I am running 5.2.13.

Any help is appreciated.

It’s a very short-term solution, but record the IP address and block it. Your antivirus did its job.

You can also filter out the uploaded files by only allowing specific file types.
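
One way to apply the file-type filtering suggested above, shown as an added example that is not part of the original thread. `wp_handle_upload_prefilter` is a WordPress filter hook; the function names, the extension lists and the sample input are assumptions.

```php
<?php
// Added example, not from the thread; names and extension lists are assumptions.
// Returns null when the upload may be kept, otherwise a rejection reason.
function check_student_upload($originalName, $tmpPath, array $allowedExt)
{
    $parts = explode('.', strtolower(basename($originalName)));
    array_shift($parts);                       // drop the base name
    if (count($parts) === 0) {
        return 'no file extension';
    }
    // "notes.php.jpg" can still run as PHP on servers that map handlers by
    // any extension in the name, so script extensions are refused anywhere.
    foreach ($parts as $ext) {
        if (preg_match('/^(php\d?|phtml|phar|asp|aspx|cgi|pl|exe)$/', $ext)) {
            return "script extension .$ext in file name";
        }
    }
    if (!in_array(end($parts), $allowedExt, true)) {
        return 'extension .' . end($parts) . ' is not on the allow list';
    }
    // Coarse content check: a document or image has no reason to carry "<?php".
    $data = file_get_contents($tmpPath);
    if ($data === false || stripos($data, '<?php') !== false) {
        return 'content unreadable or contains a PHP open tag';
    }
    return null;
}

// WordPress hook: setting $file['error'] makes WordPress refuse the upload.
function reject_bad_upload($file)
{
    $allowed = array('pdf', 'doc', 'docx', 'jpg', 'png');   // assumed list
    $reason = check_student_upload($file['name'], $file['tmp_name'], $allowed);
    if ($reason !== null) {
        $file['error'] = 'Upload rejected: ' . $reason;
    }
    return $file;
}

if (function_exists('add_filter')) {
    add_filter('wp_handle_upload_prefilter', 'reject_bad_upload');
} else {
    // Stand-alone run (php file.php): constructed sample upload, not real data.
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "GIF89a<?php echo 1;");
    var_dump(check_student_upload('photo.jpg', $tmp, array('jpg', 'png')));
    var_dump(check_student_upload('essay.php.jpg', $tmp, array('jpg', 'png')));
    unlink($tmp);
}
```

PHP writes every upload to its temporary directory before any script runs, so real-time antivirus alerts on the `phpXX.tmp` files can still appear. The check decides whether a file is ever moved from there into the WordPress uploads folder.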
