WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Hacked with SEO spam (1 post)

  1. hquadrat
    Member
    Posted 2 years ago #

    Hi all,

    on september 4th on of my sites got hacked, seems through an infected theme.

    The following 2 variants of malware were inserted into all php files
    http://pastebin.com/mAWWG1pZ

    and the following file wp-thumb-creator.php was placed in /home/...mydirs.../wp-content/uploads/ with also evil content http://pastebin.com/kQY9Y2Kh

    A start for fixing your stuff can be found here
    http://www.php-beginners.com/solve-wordpress-malware...

    and I wrote a regex myself to check the entire machine for bad files left over, if you know what ssh & bash are, this can help you with the search
    pcregrep -i -r -n -M --buffer-size=200K --include=.\.php "<\?php\s*\\\$md5\s*=\s*\"[a-z0-9]*\";\s*\\\$wp_salt\s*=\s*array" . > malcheck.log

    2 more links I found with additional info
    http://forums.oscommerce.com/topic/379540-site-hack-wp-salt-array/
    http://www.reddit.com/r/web_design/comments/k9ks4/i_desperately_need_help...

    Hope that can help somebody to clean his server.

    Good luck,

    hquadrat

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags