WordPress.org

Ready to get started?Download WordPress

Forums

eval base64_decode (9 posts)

  1. adamt07
    Member
    Posted 4 years ago #

    ok..so I'm getting hit with this freaking eval base64_decode javascript injection. I'm running 2.8.4. I had this problem earlier today, so I re-installed all the scripts and checked the database to make sure it was clear. Everything was working perfectly for a few hours and now I'm having the same problem. I'm getting this huge javascript injection on my wp-settings.php and my functions files for both WordPress and my theme files. I've done all the standard security fixes, months ago. I have no idea where this is coming from. Anybody else having this problem?

    Thanks

  2. Roy
    Member
    Posted 4 years ago #

    Read this and the articles linked to. You obviously didn't clean up properly and left the backdoor open.
    http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. adamt07
    Member
    Posted 4 years ago #

    yep..did all that. htaccess files, changed passwords, re-uploaded all my files, everything I could think. Still getting it. I'm running the latest version (re-downloaded it just to be safe). If I can figure where it's coming in I'll post it.

  4. RF
    Member
    Posted 4 years ago #

    Did the same yesterday, replaced all the core files and checked the database and i thought it was clean. Today noticed that files were again injected with base64_decode and javascript files were altered as well with sweetworld.co.uk links.

  5. Roy
    Member
    Posted 4 years ago #

    If you're positive that it's not your installation, you might want to talk to your host to see if it's another website on the same server.

  6. MTITech
    Member
    Posted 4 years ago #

    We had this problem when multiple websites were hosted at the same account, such as:
    /home/site1/...
    /home/site2/...

    If one of the sites has a "dirty" compromised PHP script - it could get to all clean sites and infect them.

    To solve it either open separate hosting account for each domain or buy "reseller" account from hosting provider. There are possibly other ways to physically separate hosting spaces between domains. Reseller account likely to be more cost efficient.

    Mike

  7. adamt07
    Member
    Posted 4 years ago #

    They said they haven't had any problems. I'm thinking it might just be compromised FTP info. I'm about to change all my passwords and cross my fingers. I'm running a scan first to make sure I haven't picked up any bugs on my system.

  8. RF
    Member
    Posted 4 years ago #

    Replaced all the core files/changed passwords yesterday again and did another check to the files. It seems now that my problem is solved as site is still up and running. Perhaps I missed few files on the first time.

  9. MichaelH
    Member
    Posted 4 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic