My web wordpress web site was hacked awhile ago. In the process of clearing thing up, ran into a folder called “compartmented-chattererz” which got deleted along with a bunch of other stuff. I now have a that runs in the background that catches calls to non-existent pages on my site. I get a bunch of calls the include compartmented-chattererz in the URL along with some thing after it (see below). I’ve tried looking it up on the internet but I can’t find anything about it. Any ideas?
SOmeone was using your service to host a bunch of spam from the looks of it; they were probably cycling scams based on what was getting flagged from your domain.
Wordpress has been auto-updating for quite a while now; the typical case of this failing is only on botched installs or shared hosting where wordpress is not given permission to update its own files.
That’s how I fixed it. Deleted everything from the server, reinstalled WP and got most of my data back from old backups. There is nothing on there important. I’m just amazed how many attempts there are to access non-existent pages.
Using wordfence goes a long way, but as others have said, you need to keep everything updated. Additionally, reduce the number of plugins you are using, and finally, verify the permissions on the files and directories are set correctly, the script located at WordPress Permissions Configuration Script · GitHub is a good place to start.
Then… and only then use plugins like wordfence as the last layer of defense. The rest just builds up the great wall plus the castle.
As for those “none” existant page hits. Well that’s all coming from a botnet and most likely they installed a c99shell and then setup a bit of script to do: