Hack of all PHP pages | ww.wp.xz.cn

amutch
(@amutch)

14 years, 3 months ago

I just discovered that every PHP page on my WP site has been compromised. There was a .logs folder with a text file with URLs for porn sites in the root. Each PHP file had a long statement placed at the start of each file starting with:

<?php /**/ eval(base64_decode(“aWYoZnVuY3Rpb…

I’m hosted on Dreamhost. I’m wondering if the exploit is via WP, mySQL or via Dreamhost. Anyone else seeing this problem?

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter amutch
(@amutch)

14 years, 3 months ago

I found in my theme folder (comment-central), two additional files:

main.php
incwp.php

These appear to be the files that are infecting the rest of the files.

Thread Starter amutch
(@amutch)

14 years, 3 months ago

Looks like the fault is with Dreamhost. I’m finding hacked files in my Joomla install on the same host.

Christine Rondeau
(@crondeau)

14 years, 3 months ago

The first thing to do is to change your FTP password and DH Cpanel password right away.

Once that’s done, unfortunately, you’ll have to clean up the hacked sites.

Here’s a link with more info about hacked WP sites – http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked

Good luck.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Hack of all PHP pages’ is closed to new replies.

Tags

exploit

In: Fixing WordPress
3 replies
2 participants
Last reply from: Christine Rondeau
Last activity: 14 years, 3 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics