Moderator
t-p
(@t-p)
try scanning your site here: https://sitecheck.sucuri.net/
Thread Starter
lonrot
(@lonrot)
Nothing but I learned it’s infected by eval(base64_decode().
I’m trying to upload a malware remover but my FTP provider prevents me from doing so and automatically deletes the php file:
https://www.raymond.cc/blog/automated-fix-wordpress-base64_decode-injection/
The FTP returns:
550-Virus Detected and Removed: EIG.PHP.WPAddFilter.FuncCall-1.UNOFFICIAL
Moderator
t-p
(@t-p)
Also, follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
Thread Starter
lonrot
(@lonrot)
Thank you, I was able to unzip the cleaner script through my hosting control panel, from there it detected and deleted the base64, although some included crap wasn’t deleted. (For instance: “\x2fhom\x65/us\x65rs/\x77eb/\x62113\x36/mo\). My site is back, some nasty stuff might still be hidden but the worst is gone.
I will spend some quality time reading your recommended documentation.
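The two patterns mentioned in the post above, `eval(base64_decode(` and leftover `\x`-escaped strings, can be checked for with a short scanner. This is an added example, not part of the original thread or of the cleaner script linked in it; the function names, the threshold of three escapes and the sample input are assumptions made for illustration.

```python
import re
from pathlib import Path

# eval( base64_decode( ... with optional whitespace, in any letter case.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
# \xNN escapes; when they spell printable ASCII they hide plain text from grep.
HEX_ESC = re.compile(r"\\x([0-9a-fA-F]{2})")
MIN_HEX_ESCAPES = 3  # assumed threshold; tune it for your own code base

def decode_hex_escapes(line):
    """Return the line with \\xNN escapes replaced by the characters they encode."""
    return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), line)

def scan_php_source(text):
    """Return a list of (line_number, rule, detail) for each suspicious line."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if EVAL_B64.search(line):
            findings.append((no, "eval-base64", line.strip()[:80]))
        escapes = HEX_ESC.findall(line)
        printable = [e for e in escapes if 0x20 <= int(e, 16) < 0x7F]
        if len(printable) >= MIN_HEX_ESCAPES:
            # Report the decoded text so a reviewer sees what was hidden.
            detail = decode_hex_escapes(line).strip()[:80]
            findings.append((no, "hex-escaped-text", detail))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not taken from any real site.
SAMPLE = r'''<?php
/* theme header */
eval ( base64_decode("ZWNobyAxOw=="));
$p = "\x2fvar/w\x77w/\x65xample/\x63ache";
echo "caf\xc3\xa9";
'''

if __name__ == "__main__":
    for finding in scan_php_source(SAMPLE):
        print(finding)
```

A hit is a line to review by hand, not a verdict: legitimate code occasionally uses both constructs, and injected code can be obfuscated in ways these two rules do not cover.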
Thread Starter
lonrot
(@lonrot)
Tara, do I need to change my FTP password? Did the hacker/bot log in to my FTP through brute force?
How did I get infected in the first place?
Moderator
t-p
(@t-p)
I suggest changing all your passwords – FTP, WP admin, database…