WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Is this a sign of malicious activity? (4 posts)

  1. tarambana
    Member
    Posted 4 years ago #

    Hi,
    Recently my blog was hacked (I think that´s the name for it) and I found, on top of lots of problems, base 64 code added to lots of the PHP files.

    I took all down and following instructions from very generous members here put the blog up again.

    I have not re installed any olf files and I´m looking through the "infected" database Backup and wordpress backup but I don´t know what is re'usable safely.

    I noticed that most of the database table have been dumped and re'loaded and wonder if that is a sign of the problems and I´m trying to identify what can be re'uploaded safely.

    here´s the code I think is suspicious:

    [HUGE chunk of code moderated for topic visibility - please use wordpress.pastebin.ca - or link to a file]

  2. tarambana
    Member
    Posted 4 years ago #

    Ooops... I didn't know...!

    but here it is:

    I found this script at the end of the wordpress XML bacpup file.

    <script src="http://pastebin.ca/embed.php/1831904.js"></script>

    link: http://wordpress.pastebin.ca/embed.php?id=1831904

    I've seen many pages with explanations on how to recover your blog after a hack but I don't know what I have too look for and take out from the WordPress backup file and backed up tables.

    This was part of the decoded base 64 strings I found on the php files.
    Just deleting this will make the backup safe to reinstall?

    I will post about what I think is the "bad stuff" on the database, but... one by one!
    Thanks a lot.

  3. tarambana
    Member
    Posted 4 years ago #

    I think the link on the previous comment doesn't work!

    I'll try again..

    http://wordpress.pastebin.ca/1831902

    Thank you

  4. Samuel B
    moderator
    Posted 4 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.