AnonymousFox Malware Constantly Recreating Files

carbide20

3/31/24, 6:13 PM

I had a Wordpress site infected by the AnonymousFox malware.

I've cleaned / removed all affected files.
I've removed the cron job which was set to reinfect the system.
I've removed extra DB accounts.
I've removed infected Wordpress plugins.
I've removed malicious email addresses.

At this point, I thought I was rid of this AnonymousFox - however when I try to edit or delete the site index.php file, it is immediately overwritten / recreated with 444 permissions.

I've checked the running processes on the server and found none of them to be executing PHP files. I do not see any processes which seem malicious. I assume, however, that there must be a process on the server which is constantly recreating this index.php file.

How can I identify what is recreating this file and stop it?

0 + 0

ubuntu

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: AnonymousFox Malware Constantly Recreating Files

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.