Title: ALL PHP files added with garbage code
Last modified: August 20, 2016

---

# ALL PHP files added with garbage code

 *  Resolved [deathski](https://wordpress.org/support/users/deathski/)
 * (@deathski)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/)
 * Hi,
 * All my WordPress sites just got hacked! All my php files had garbage code appended
   on top portion or bottom. See link below:
 * [hacked php file](http://farm8.staticflickr.com/7128/7064941763_a81b48ed96_c.jpg)
 * This is on an index.php file. All PHP files have similar “garbage” code added.
   Anyone encountered this type of hacking? What is the culprit? This already happened
   twice to me! 🙁 Appreciate any help.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/#post-2679029)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
 * [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [deathski](https://wordpress.org/support/users/deathski/)
 * (@deathski)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/#post-2679048)
 * I’ve gone to those links even before when it first happened. i suspected the 
   timthump.php vulnerability back then.
 * code snippet (hacked index.php). I don’t think it’s a simple password got hacked
   thing. Any thoughts?
 * _[ Don’t post malware code here. If you must share that bad stuff (really don’t)
   use [pastebin.com](http://pastebin.com/) instead. ]_
 *  Thread Starter [deathski](https://wordpress.org/support/users/deathski/)
 * (@deathski)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/#post-2679067)
 * This attack
    _[Code moderated. Please do not post hack code blocks in the forums.
   Please use the [pastebin](http://wordpress.pastebin.com/)]_
 * How do I prevent this?!
 *  Thread Starter [deathski](https://wordpress.org/support/users/deathski/)
 * (@deathski)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/#post-2679162)
 * OK sorry. Can you please just help me with the SSH command for searching my php
   files for partial string “GetMama” ? I tried:
 * find . -exec grep -l “GetMama” {} \;
 * But it returns, -bash: GetMama: command not found
    find: missing argument to `-
   exec’

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘ALL PHP files added with garbage code’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [deathski](https://wordpress.org/support/users/deathski/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/all-php-files-added-with-garbage-code/#post-2679162)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics