Posted 7 months ago #
The script modified the config-php file and added this code which checks the referring site and redirects based on the referring site.
For example, if from yahoo.com it redirected here: http://4domfay.mrslove.com/
It changed the first line of wp-config.php to this:
<?php eval(base64_decode("[ redacted, please do not post that here ]"));Is this a known bug and can it be fixed or what is the latest version?
http://wordpress.org/extend/plugins/google-sitemap-generator/
Posted 7 months ago #
Likely you are hacked and need to delouse your installation.
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm
You must log in to post.
