Help me find malicious script

  • niko150

    (@niko150)


    9 years, 10 months ago

    My client’s site got infected with a malicious script, the script is located in the footer area but there nothing suspicious in the footer.php

    My client’s footer.php has only one code there <?php wp_footer(); ?>
    Other codes are just html

    I decided to remove <?php wp_footer(); ?> and the malicious script disappeared from the source code, once you put it back, the script comes back again.
    So basically the script is being hooked from somewhere to the footer.

    After checking many files and access logs for any suspicious activity or any codes, I did not find anything.
    Then I ran grep command with these patterns
    base64_decode
    gzinflate(base64_decode
    eval(gzinflate(base64_decode
    eval(base64_decode

    Did not find anything.
    Also ran some rootkit scans, nothing came up.

    Anyone can guide me what to do next?

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Help me find malicious script’ is closed to new replies.