Title: hack by eval base64 script malware
Last modified: August 20, 2016

---

# hack by eval base64 script malware

 *  [masie0119](https://wordpress.org/support/users/masie0119/)
 * (@masie0119)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/)
 * we are running a lot of wp sites on our managed servers,
    but we’re attacked 
   by this eval base64 script malware on all php files, and it attacks all the directories
   and all the php files in our server. can you help us or give us suggestion on
   how to fix this.

Viewing 8 replies - 1 through 8 (of 8 total)

 *  [FMarion](https://wordpress.org/support/users/fmarion/)
 * (@fmarion)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670673)
 * We had the same thing. A wipeout of the current files, a fresh install of the
   lastest version of WP did the trick. Make sure that if you use timthumb image
   resizer that you upgrade to the latest version.
 *  [FMarion](https://wordpress.org/support/users/fmarion/)
 * (@fmarion)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670675)
 * Also, I have not tried the following, but perhaps this may help, I just fortuitously
   chanced upon it right now.
 * [http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/](http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/)
 *  [kmessinger](https://wordpress.org/support/users/kmessinger/)
 * (@kmessinger)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670709)
 * That will take care of the timthumb hack but you still will be infected.
 * Next you need to read and do all this, [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
 *  [merlynferns](https://wordpress.org/support/users/merlynferns/)
 * (@merlynferns)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670893)
 * my site is being hacked very often by eval base64 script, toolspack plugin was
   automatically installed. I’ve cleaned all files and removed toolspack plugin,
   also updated WP (plugins + theme) to latest version. Please let me know the root
   cause of this its been 3rd time my site is being infected.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670894)
 * [@merlynferns](https://wordpress.org/support/users/merlynferns/), have reviewed
   the links in this [post](http://wordpress.org/support/topic/hack-by-eval-base64-script-malware?replies=5#post-2734335)?
 * Also you have better luck starting your own thread instead of jumping on this
   one.
 *  [merlynferns](https://wordpress.org/support/users/merlynferns/)
 * (@merlynferns)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670895)
 * [@jan](https://wordpress.org/support/users/jan/), yes i’ve reviewed the links
   and cleaned all the files, changed admin password but not 100% sure if my site
   will be save as it keeps on getting infected every week. I’ve below listed plugins
   installed and updated
 * awsom-news-announcement
    event-calendar-3-for-php-53 improved-include-page nextgen-
   gallery wp-simple-paypal-donation
 * do you think any of them above may cause the hacker to inject code into my site?
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670896)
 * > as it keeps on getting infected every week.
 * Either you haven’t succeeded in really delousing your WordPress installation 
   or you haven’t found and closed the door that the attackers keep walking in through.
 * Give the Smackdown link another read and also do these steps too.
 * [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)
 * That will prevent auto updates from working if you do it right, but for now that
   should be fine as you have bigger problems.
 * Make sure you are up to date and replaced all of your code from the source.
 *  [cynthiablue](https://wordpress.org/support/users/cynthiablue/)
 * (@cynthiablue)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670900)
 * I’m also getting hammered with this eval base64 hack. Over the weekend been trying
   various things to try to keep them out.
 * I deleted all the FTP accounts through my cpanel except one (that I use for my
   webcam). I’ve installed the Bullet Proof Security plugin, that helps me change
   permissions on various files to secure values, like the config file to 400. I’ve
   also installed Exploit Scanner, which identifies the hack, but sometimes it fails
   to run and I’m not sure why.
 * The WordPress Security page says to change permissions, but I need it black and
   white. What files, what numbers. Telling me to give read/write/execute is vague..
   I want the numbers please, and the files to secure. So far I have changed the
   index.php files to 444, which seems to keep them out. Changing permissions too
   tight makes the blogs uneditable and we can’t have that either. Bullet Proof 
   Security plugin also creates secure .htaccess files.
 * Been a couple days on a couple blogs and so far they haven’t gotten hacked again
   using these measures. I’m keeping a close eye. Is this a recent hack problem?
   It has only hit me within the last month or so. Before that, never had a problem
   with my wordpress blogs getting hacked.

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘hack by eval base64 script malware’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 8 replies
 * 6 participants
 * Last reply from: [cynthiablue](https://wordpress.org/support/users/cynthiablue/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/hack-by-eval-base64-script-malware/#post-2670900)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics