Title: Suspected hack … "php $ikie =" Last modified: August 21, 2016 --- # Suspected hack … "php $ikie =" * [username required](https://wordpress.org/support/users/username-required/) * (@username-required) * [12 years, 11 months ago](https://wordpress.org/support/topic/suspected-hack/) * I suspect a hack. I found a file I don’t recognise called ‘comment-ignace-andrei. php’ * It contains the following … does anyone know what this is or means, and how to decode it? * Google fails me. * Thanks. _[**Please** don’t post hack (or suspected hack) code here]_ Viewing 3 replies - 1 through 3 (of 3 total) * [Krishna](https://wordpress.org/support/users/1nexus/) * (@1nexus) * [12 years, 11 months ago](https://wordpress.org/support/topic/suspected-hack/#post-3889316) * Can you link (URL) to your site? * Thread Starter [username required](https://wordpress.org/support/users/username-required/) * (@username-required) * [12 years, 11 months ago](https://wordpress.org/support/topic/suspected-hack/#post-3889341) * No, thank you. * I don’t want any additional attention until I have resolved this and hardened the site. * Can you tell me how to decode the initial string? * There is no harm to posting the rest because it means nothing in that format. I think it’s important for people to know because it does not come up anywhere in Google. * I’ve never come across “php $ikie =” before. * Perhaps it is just nonsense and a trial upload prior to a full attack? * Thanks * I’ll remove the most obvious codes strings and replace them with ….. , the rest will mean nothing. * **_[do no post any hacked code here]_** * [WPyogi](https://wordpress.org/support/users/wpyogi/) * (@wpyogi) * [12 years, 11 months ago](https://wordpress.org/support/topic/suspected-hack/#post-3889342) * These are the recommended resources for hacked sites: * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Additional Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * There is no need to post hacked code here. It WILL be deleted, so please just don’t do it. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Suspected hack … "php $ikie ="’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 3 participants * Last reply from: [WPyogi](https://wordpress.org/support/users/wpyogi/) * Last activity: [12 years, 11 months ago](https://wordpress.org/support/topic/suspected-hack/#post-3889342) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics