[resolved] base64 malware all over my sites in the PHP files (5 posts)

  1. FormatMedia
    Member
    Posted 3 years ago #

    Hi, basically, every website on my hosting (around 15 sites) has been trashed with this base64 code, and it's in every single PHP file. It is also creating unsecure Google redirects when you click on the site through Google: formatmediaonline.co.uk (type in 'advertising photographer cornwall' and it'll be on the first page (should be no. 1)).

    I spoke to my hosting company (BlueHost) about the unsecure redirects and they claimed it was Google, so I spoke to them and they claim it's the hosting company, so I spoke to them, and they said it was out of their scope. Then I looked in some PHP files and discovered this mass of base64 absolutely everywhere. I got back in touch with the hosting company (they didn't even notice it until I linked them) and they are saying it's a plugin or theme with improper code that's causing the malicious attack.

    Can anyone help with this or help identify the problem?

    I'm using the Atahualpa theme for all the sites, and the only plugins that I have installed on all the websites are:

    All in one SEO
    Custom page order
    NextGEN Gallery
    oQey Gallery
    Simply Show IDs

    Obviously each website has its own plugins, but these are the only ones that are found on all the websites. All the plugins and the theme are kept up to date, and I always ensure that when a new issue is released I follow the instructions clearly, and if I have a problem, I get in touch with an admin (gold member with Atahualpa).

    If someone could please help that would be great =/

    Thank you

  2. esmi
    Forum Moderator
    Posted 3 years ago #

  3. d724
    Member
    Posted 3 years ago #

    Above sites are good resources. It is very likely you have been hit with the god_mode_on virus. Check out this guide:

    http://marketingsiden.dk/how-to-remove-god_mode_on-wordpress-virus/
    which will teach you a general approach to removing the malware.

    BR D724

  4. FormatMedia
    Member
    Posted 3 years ago #

    Thanks for the links and info

    Been looking at that Sucuri link, then SiteLock and wewatchyourwebsite.com as well.

    Thinking about signing up with wewatchyourwebsite.com (too many sites on server to do it myself). Anyone have any experience with wewatchyourwebsite.com?

    Thanks again

  5. Robert
    Member
    Posted 2 years ago #

    WeWatchYourWebSite.com cleaned up the PHP infection on my site in 1 day. Very helpful and explained what was going on.
    See this Support post for details: http://wordpress.org/support/topic/iframe-injection-attack-wp-342-httplarvalpro?replies=7

This topic has been closed to new replies.