Some common Malware for reference


FilesMan is a backdoor which allows unauthorized access/creation/modification of your website files via PHP requests.

We have seen countless variants of FilesMan. One of them is attached for reference.


Remote Arbitrary Code Execution

The left-hand-side image shows a piece of hidden code.  If we decode it, it means –


eval() evaluates a string as PHP code (that is, it executes the content).

Evidently, it is a tool for remote arbitrary code execution.
Any PHP commands passed to nf0b08a via an HTTP POST request will be executed.
(HTTP POST is a very common request used in our daily life, e.g. submitting a username/password to log in)

Remote Arbitrary Code execution

Remote Arbitrary Code Execution (more complex)

A much more complex remote arbitrary code execution malware

Remote Arbitrary Code execution

Hidden Malware

Some malware is hidden in what appears to be a plain text file (e.g. a license file).
(There are other malicious PHP commands in other sections of the example file.)

malicious PHP commands hidden in apparent license file
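A triage check for the two patterns described above (eval() fed from a request, and PHP code inside an apparent license or text file), as an added example that is not code from the original page. The rule set, file names and sample contents are constructed assumptions, and the encoded payload is elided.

```python
import re

# Heuristic rules: assumptions for this example, not a complete signature set.
RULES = {
    # eval()/assert() fed directly from request data, as in the POST backdoor.
    "eval-of-request-input": re.compile(
        r"\b(?:eval|assert)\s*\([^;]*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    # eval() of a string that is only decoded at run time ("hidden code").
    "eval-of-decoded-data": re.compile(
        r"\beval\s*\([^;]*\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
}
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.I)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan(filename, content):
    """Return the sorted names of the rules that match one file."""
    hits = {name for name, rx in RULES.items() if rx.search(content)}
    # PHP code in a file that should be plain text (e.g. a license file).
    if not filename.lower().endswith(PHP_EXTENSIONS) and PHP_OPEN_TAG.search(content):
        hits.add("php-in-non-php-file")
    return sorted(hits)


def scan_all(files):
    """Map each flagged filename to its findings; clean files are omitted."""
    return {name: found for name, text in files.items() if (found := scan(name, text))}


# Constructed sample files (not taken from a real site).
SAMPLES = {
    "wp-content/plugins/demo/helper.php": '<?php @eval($_POST["nf0b08a"]); ?>',
    "wp-content/themes/demo/license.txt":
        'GNU GENERAL PUBLIC LICENSE\n<?php eval(base64_decode("...")); ?>\n',
    "wp-content/themes/demo/functions.php":
        "<?php\nadd_action('init', 'demo_setup');\n",
}

if __name__ == "__main__":
    for path, findings in scan_all(SAMPLES).items():
        print(path, "->", ", ".join(findings))
```

A match is a reason to review the file by hand, not proof of infection; comparing flagged files against a clean copy of the same theme or plugin version settles it.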

Excessive Traffic

The image shows code injected into wp-content/themes/xxxx/header.php

This JavaScript will be delivered to your WordPress website visitors’ browsers (as part of the theme content).

From the code, the visitor's browser will request the URL… every 10 seconds, generating unnecessary and excessive traffic to the victim website.

When this malware is widely distributed, it will generate a large amount of excessive traffic against the victim website, and may make the victim website's server slow or even inaccessible.
(In the example, the victim website is one)

Generate excessive traffic against victim website

About is managed by web hosting professionals, who have been working on web hosting, WordPress website, security and vulnerabilities area since 2003.

Copyright 2015-2019 (c) Website Maintenance Service Limited
