I used exploit scanner and it came up with possible malicious code on multiple pages.
These are the words it pointed out in different exerts. (I didn't want to paste the whole code-should I?)
<div id="extra_fields" style="display: none"></div>
eval(
String.fromCharCode
base64_decode
visibility:hidden
uname -a
shell_exec
YW55cmVzdWx0cy5uZXQ=
The problem is, I may have code that has been added but what should I do now?
(I don't even know what is legit code and what isn't)
Can someone help please?
What version of WordPress do you have? It sounds like you are running an old version.
The string you paseted decodes to anyresults.net, so without any more info it sounds like you got the anyresults.net hack which was around in June 2008 where traffic from google to your site is redirected away to a spammy site.
Info about that hack here:
http://lorelle.wordpress.com/2008/06/11/wordpress-blogs-and-more-hacked-by-google-redirects/
Of course you could have been hit by a later variant that takes advantage of a more recently discovered exploit.
That's a relief, I know what the problem is now.
Is there anyway to stop this...whilst I figure out how to fix it? I'll use 'smackdown' (thank you for that) but as I'm a noob it may take some time.
Thanks
Dean
Deand
