Hacked Site Question (2 posts)

  1. ahunte1
    Posted 3 years ago #

    Hi all,

    A site I manage has been hacked twice this month, both times with base64 code being injected into numerous PHP files.

    Since I changed all passwords after the first hack, I'm wondering if there is a different issue, but I'm not sure where to look.

    One thing I noticed is that all of the tables in my SQL database are renamed such that "_ndmpug" is in all the names, e.g. wp_ndmpug_posts.

    I'm not sure how to figure out what caused this or whether it's even a problem as a Google search comes up empty. Nothing seems amiss in the database content itself.

    Does anyone know where this renaming might have come from?


  2. Roscius
    Posted 3 years ago #

    If the hacker gained server level access to your MySQL account from the first hack, there still may be a problem. Did you change your DB password in wp-config? The DB table prefix is also set in wp-config.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.