Much of today's malware spreads its infection to every folder on the server, not just the folder of the compromised domain. In this article we discuss infection of the initial subdomain folder on servers where that folder is unused, a case that is often overlooked.
Infection of initial subdomain folders
The above example is a case where backdoor files such as moon.php, sb.php, and eew.php have been placed in the initial domain folder, which should be empty.
Through these files, hackers can access and tamper with any file on the server, or even place malicious files in arbitrary locations.
The reason malware turns up in the initial subdomain folder, where there should be nothing at all, is that the folder of another domain on the same server, one hosting WordPress, is breached through a vulnerability and malware is placed there. That malware is then used as a starting point to examine the server's folder structure and spread the infection to the other folders, including the initial domain folder.
*Malware that gives hackers an entry point into the server is called a backdoor.
How to deal with initial subdomain folder infection
In most cases, the initial domain folder is not used after you sign up for a server. If that is your situation, empty the initial domain folder.
If a test WordPress site has been left in this folder, it can be infected through a vulnerability in that WordPress site. Again, we recommend that you back up and then delete any unused sites from the server.
If one site on the server is infected with malware, it is likely that all sites on the server are infected as well.
Malware today often spreads to every folder on the server, not just the folders of the infected domain. If one site on the server is infected with malware, we recommend scanning the folders of all sites on the server (including the initial domain folder) for malware.
Free WordPress: Malware Scan Plugin [Malware and Virus Detection and Removal]
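The two checks recommended above (the initial domain folder must be empty, and every site folder on the server must be scanned) can be automated with a small audit script. The following is an added example written for this article; it is not code from the article's author or from the scan plugin linked above. The account layout (one account root holding an initial domain folder beside the other domains' folders), the folder names, and the list of backdoor heuristics are all assumptions; the sample tree it builds is constructed for demonstration and is not real infection data.

```python
"""Audit a hosting account: report any file in the initial domain folder
(which should be empty) and any PHP file matching common backdoor heuristics.
Layout, names and heuristics are assumptions made for this example."""
import re
import tempfile
from pathlib import Path

# Heuristics many scanners use to flag PHP backdoors (assumed list, not the
# plugin's signatures). Each hit is reported by its name.
BACKDOOR_PATTERNS = {
    "eval_of_decoded_payload": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request_passed_to_shell": re.compile(
        r"(system|exec|passthru|shell_exec|popen)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "assert_of_request": re.compile(r"assert\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "preg_replace_e_modifier": re.compile(r"preg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]", re.I),
}


def list_initial_folder_files(root: Path, initial_domain: str) -> list:
    """Every file under the initial domain folder is a finding: it should be empty."""
    folder = root / initial_domain
    if not folder.is_dir():
        return []
    return sorted(p.relative_to(root).as_posix() for p in folder.rglob("*") if p.is_file())


def scan_php_file(path: Path) -> list:
    """Return the names of the heuristics that match the file's contents."""
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return []
    return [name for name, rx in BACKDOOR_PATTERNS.items() if rx.search(text)]


def scan_all_sites(root: Path, initial_domain: str) -> dict:
    """Walk every site folder under the account root (the initial folder included)."""
    findings = {
        "initial_folder_files": list_initial_folder_files(root, initial_domain),
        "flagged_php": {},
    }
    for php in sorted(root.rglob("*.php")):
        hits = scan_php_file(php)
        if hits:
            findings["flagged_php"][php.relative_to(root).as_posix()] = hits
    return findings


def build_sample_account(base: Path) -> Path:
    """Constructed sample tree for demonstration (hypothetical names, not real data)."""
    root = base / "account"
    initial = root / "initial.example.net"
    initial.mkdir(parents=True)
    # A harmless-looking file: flagged anyway, because this folder must be empty.
    (initial / "moon.php").write_text("<?php echo 'test'; ?>\n")
    site = root / "shop.example.com" / "public_html"
    (site / "wp-content" / "uploads").mkdir(parents=True)
    (site / "index.php").write_text("<?php require __DIR__ . '/wp-blog-header.php';\n")
    # A file in the uploads folder that trips the decoded-eval heuristic (constructed).
    (site / "wp-content" / "uploads" / "cache.php").write_text(
        "<?php /* constructed fixture */ eval(base64_decode($p)); ?>\n")
    return root


if __name__ == "__main__":
    account = build_sample_account(Path(tempfile.mkdtemp()))
    report = scan_all_sites(account, "initial.example.net")
    for f in report["initial_folder_files"]:
        print(f"initial folder not empty: {f}")
    for f, hits in report["flagged_php"].items():
        print(f"suspicious PHP: {f} ({', '.join(hits)})")
```

Run it against a real account by replacing the sample tree with the account root and the initial domain's folder name; review each flagged file by hand before deleting it, since legitimate plugins occasionally match a heuristic.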
We will also take security measures to close the vulnerabilities that allowed hackers to enter the server in the first place.