It may prove beneficial to the community to use pastebin.com to share that file by linking to it here and also use Sucuri to scan your site and share any results also.
Thank you for your reply. Here is a link to the file at pastebin:
[Moderator Note: Removed link to code used to exploit site]
Please rebuild site:
function current($token)
{
$func = 'ba' . 'se' . '6' . '4' . '_' . 'de' . 'co' . 'de';
return unserialize($func($token));
}
Is malicious base64 eval code.
You site has been compromised.
Start by changing all passwords (FTP/godddy/admins).
Then update WordPress, plugins and themes.
Seacoast Web Design, I’m not understanding your comment.
To others, I know my site was hacked. 13 of my sites were hacked on the same day at the same time over various hosting accounts. This isn’t one site with one PW.
My questions:
Has anyone ever experienced something similar?
Any suggestions on how all of the sites were hit simultaneously?
Any advice to prevent it from happening again?
Thank you.
Has anyone ever experienced something similar?
We see hacked sites every day here, unfortunately. 🙁
Any suggestions on how all of the sites were hit simultaneously?
Were they all on the same server or with the same hosts? Many hosts experienced problems due to mass attacks recently. Your hosts may have been one of them.
Any advice to prevent it from happening again?
Review Hardening WordPress as suggested above.
Thanks esmi. There were a total of 13 sites hacked on 5 different hosting accounts – all of them at GoDaddy – all at 5:17pm on May 18.
A colleague of mine had the same issue the next day with 11 of his WP sites on 4 different hosting accounts – again all at GoDaddy.
The big difference between his attacks and mine is that his hack included the installation of content and links related to ED medication. This caused one of his sites to get flagged by Google. None of mine experienced that, but the method was otherwise almost identical.
While I’m trying to get help to prevent this, I also am trying to alert people to look at their sites for a similar attack. I wouldn’t have known I was hacked if my colleague didn’t tell me about his hacks. After seeing his sites, I checked my own and found the offending code.
all of them at GoDaddy – all at 5:17pm on May 18
GoDaddy were definitely one of the hosts hit by the mass attacks. I assume you meant April 18 – not May 18, yes? If not, I’d like a ride in your time machine. 😉
esmi, yes, it was April 18, not May 18. I wish I had a time machine to go back and catch the bums that did this. Thanks for your info. The Hardening WordPress info is helpful.
I also found a plugin called Better WP Security. It does many of the things suggested on that page. Are you – or anyone reading this – familiar with it?