WordPress.org

Ready to get started?Download WordPress

Forums

new hacking using base64_decode in some files (6 posts)

  1. htobon
    Member
    Posted 2 years ago #

    Hello all,

    I have found the following code:
    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

    in the following files:
    ./index.php
    ./wp-includes/theme-compat/header.php
    ./wp-includes/theme-compat/footer.php
    ./wp-login.php
    ./wp-content/index.php
    ./wp-content/plugins/index.php
    ./wp-content/themes/index.php
    ./wp-content/themes/magazinum-child/index.php
    ./wp-content/themes/magazinum-child/header.php
    ./wp-content/themes/magazinum-child/footer.php
    ./wp-content/themes/magazinum/page.php
    ./wp-content/themes/magazinum/index.php
    ./wp-content/themes/magazinum/header.php
    ./wp-content/themes/magazinum/footer.php
    ./wp-admin/index.php
    ./wp-admin/network/index.php
    ./wp-admin/custom-header.php
    ./wp-admin/menu-header.php
    ./wp-admin/admin-header.php
    ./wp-admin/admin-footer.php
    ./wp-blog-header.php
    ./test/index.php
    ./test/wp-includes/theme-compat/header.php
    ./test/wp-includes/theme-compat/footer.php
    ./test/wp-login.php
    ./test/wp-content/index.php
    ./test/wp-content/plugins/index.php
    ./test/wp-content/themes/index.php
    ./test/wp-admin/index.php
    ./test/wp-admin/network/index.php
    ./test/wp-admin/custom-header.php
    ./test/wp-admin/menu-header.php
    ./test/wp-admin/admin-header.php
    ./test/wp-admin/admin-footer.php
    ./test/wp-blog-header.php

    So.. I could note this is trying to load a file named jquery-toggle.js which I think it has malicious code.

    What I did was to delete the plugin nextgen-scrollgallery (I was not using it).. and I'm scanning file by file and deleting the malicious code manually...

    But.. it would be great if someone here have any extra information about how I get infected and how to avoid this kind of problems in the future.

    NOTICE: I got another site hacked again but this time this was the code:
    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

  2. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

  3. htobon
    Member
    Posted 2 years ago #

    Thanks... I will be more careful next time..

    But do you know how they did it?

  4. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    No. All we can say is that hackers managed to gain access to your server. How they did is best discussed with your hosts.

  5. htobon
    Member
    Posted 2 years ago #

    Anyway, many thanks for your help Esmi.

  6. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    No problem. But do work through those links I posted above. If you do not clean the hack out completely, the hackers will just walk straight back in.

Topic Closed

This topic has been closed to new replies.

About this Topic