Hack of all PHP pages (4 posts)

  1. amutch
    Posted 4 years ago #

    I just discovered that every PHP page on my WP site has been compromised. There was a .logs folder with a text file with URLs for porn sites in the root. Each PHP file had a long statement placed at the start of each file starting with:

    <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb...

    I'm hosted on Dreamhost. I'm wondering if the exploit is via WP, mySQL or via Dreamhost. Anyone else seeing this problem?

  2. amutch
    Posted 4 years ago #

    I found in my theme folder (comment-central), two additional files:


    These appear to be the files that are infecting the rest of the files.

  3. amutch
    Posted 4 years ago #

    Looks like the fault is with Dreamhost. I'm finding hacked files in my Joomla install on the same host.

  4. The first thing to do is to change your FTP password and DH Cpanel password right away.

    Once that's done, unfortunately, you'll have to clean up the hacked sites.

    Here's a link with more info about hacked WP sites - http://codex.wordpress.org/FAQ_My_site_was_hacked

    Good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic