Roy
(@gangleri)
Just a silly question. You didn’t use your old files for the new installation, just like this fellow?
no – i did re-upload the new files because that thought had crossed my mind – so its not that silly a question
Are you also getting the “document.write” crap at the bottom of the file? I was up way too late last night figuring everything out. In my case it seemed to be an instance of the xmlrpc exploit which was fixed in the latest WP update. While that hole may be closed, a php shell could have been installed anywhere on your site before you updated. That includes non-system folders you may not have checked or removed when updating, or in my case, scripts were placed in my custom theme directory which I was dumb enough to copy back to my fresh WP installation.
Hi , I took Skitals advice and deleted everything but wordpress from the site. and did a fresh install of 2.3.3.
Sadly i have re-hacked.
What happens is that lots of spam links get appended to index.php
This is really starting to annoy me now. Haven’t these folk got better things to do than hack someones website for a little bit of google link juice?
Have you checked file permissions? You don’t, by chance, have everything at 777 do you?
nope php file chmod’d 644
admin and include folders 755
Did you change your user passwords?
I changed them when I was first hacked – do you think it might be necessary to change it again?
