This question has been archived.

CryptoPHP -check your sites!

January 14, 2015 1.8k views

Although I was already aware of CryptoPHP, someone recently showed me a nice script that you can run to scan your server for this.

I just ran the script in my /var/www, as I do not upload or add applications to my operating system outside of trusted repositories.

~/ /var/www

CryptoPHP is generally smuggled into your web server from free plugins and themes you might download from un-trusted places.
Often, the infected file will be renamed as "social.png"

Fortunately, these files are easily detected. If you have added any plugins or themes that came from untrusted sources, I recommend running this script. It only takes a couple of minutes.

1 comment
Be the first one to answer this question.