Hacked - @register_shutdown_function (5 posts)

  1. matt1027
    Member
    Posted 2 months ago #

    I'm running the current version, 2.8.4.

    I have WordPress in its own directory, not root. The root index.php of my site now has this code added before the normal code:

    <?php @register_shutdown_function("__sfd1252738106__");function __sfd1252738106__() { global $__sdv1252738106__; if (!empty($__sdv1252738106__)) return; $__sdv1252738106__=1; echo <<<DOC__DOC
    <!-- [ec36ac83687772ac241157982ff295d9 --><!-- 6018372521 --><noscript>

    --then tons and tons and tons of junk--

    </noscript><!-- ec36ac83687772ac241157982ff295d9] -->

    Then this at the bottom after the regular code.

    <?php error_reporting(0); echo "\n"; @__sfd1252738106__(); ?>

    Also, when I saved the page in HTMLkit for future reference, it had this name: hktCFD_index.php.

    What should I do about this?
    I'm using podPress for a podcast and this junk keeps iTunes from doing a manual podcast subscription.

  2. songdogtech
    Member
    Posted 2 months ago #

    Those are error reports that PHP throws; something is wrong with the plugin. Disable the plugin and see if you have the same code mess. Check the plugin web site for help.

  3. matt1027
    Member
    Posted 2 months ago #

    Thanks for answering so quickly.

    The junk in the middle of the code is spam advertisements like this and it filled up 93 screens when it printed out on FeedValidator.org.

    <!-- [ec36ac83687772ac241157982ff295d9 --><!-- 6018372521 --><noscript>

  4. songdogtech
    Member
    Posted 2 months ago #

    Sounds like a hack; it wasn't completely evident before. You need to clean and all that. Tell your hosting company, too.

    Wordpress Hacked FAQ

    How to clean a hacked Wordpress install

  5. matt1027
    Member
    Posted 2 months ago #

    Thanks for the info and the links. I appreciate it.
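An added example, not part of any post in this thread: a read-only scanner that walks a web root and flags PHP files carrying the injection quoted in the first post (the `__sfd<digits>__` shutdown hook, the trailing call to it, and the paired 32-hex comment markers around the spam block). The function names, indicator labels and sample files are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the code quoted in the first post of this thread.
PROLOGUE = re.compile(rb'register_shutdown_function\(\s*["\']__sfd\d+__["\']\s*\)')
EPILOGUE = re.compile(rb'error_reporting\(0\);.{0,60}?@?__sfd\d+__\(\)', re.S)
MARK_OPEN = re.compile(rb'<!--\s*\[([0-9a-f]{32})\s*-->')
MARK_CLOSE = re.compile(rb'<!--\s*([0-9a-f]{32})\]\s*-->')

def scan_bytes(data: bytes) -> list[str]:
    """Return the names of the injection indicators present in one file."""
    hits = []
    if PROLOGUE.search(data):
        hits.append("shutdown_prologue")
    if EPILOGUE.search(data):
        hits.append("trailing_call")
    # The spam block sits between an opening and a closing comment with the same id.
    if set(MARK_OPEN.findall(data)) & set(MARK_CLOSE.findall(data)):
        hits.append("paired_marker")
    return hits

def scan_tree(root) -> dict[str, list[str]]:
    """Map each flagged .php file under root (relative path) to its indicators."""
    root = Path(root)
    flagged = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_bytes(path.read_bytes())
        if hits:
            flagged[path.relative_to(root).as_posix()] = hits
    return flagged

# Constructed sample: a stock index.php with the quoted injection wrapped around it.
SAMPLE_INFECTED = (
    b'<?php @register_shutdown_function("__sfd1252738106__");'
    b'function __sfd1252738106__() { echo <<<DOC__DOC\n'
    b'<!-- [ec36ac83687772ac241157982ff295d9 --><!-- 6018372521 --><noscript>\n'
    b'(spam links)\n'
    b'</noscript><!-- ec36ac83687772ac241157982ff295d9] -->\n'
    b'DOC__DOC;\n} ?>\n'
    b"<?php require('./wordpress/wp-blog-header.php'); ?>\n"
    b'<?php error_reporting(0); echo "\\n"; @__sfd1252738106__(); ?>\n'
)
# Constructed sample: legitimate use of the same PHP function must not be flagged.
SAMPLE_CLEAN = b"<?php register_shutdown_function('flush_logs'); ?>\n"

if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, ",".join(hits))
```

Run it with the web root as its argument; it only reports files and does not modify them.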
