Support » Fixing WordPress » new hacking using base64_decode in some files

  • Hello all,

    I have found the following code:
    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

    in the following files:
    ./index.php
    ./wp-includes/theme-compat/header.php
    ./wp-includes/theme-compat/footer.php
    ./wp-login.php
    ./wp-content/index.php
    ./wp-content/plugins/index.php
    ./wp-content/themes/index.php
    ./wp-content/themes/magazinum-child/index.php
    ./wp-content/themes/magazinum-child/header.php
    ./wp-content/themes/magazinum-child/footer.php
    ./wp-content/themes/magazinum/page.php
    ./wp-content/themes/magazinum/index.php
    ./wp-content/themes/magazinum/header.php
    ./wp-content/themes/magazinum/footer.php
    ./wp-admin/index.php
    ./wp-admin/network/index.php
    ./wp-admin/custom-header.php
    ./wp-admin/menu-header.php
    ./wp-admin/admin-header.php
    ./wp-admin/admin-footer.php
    ./wp-blog-header.php
    ./test/index.php
    ./test/wp-includes/theme-compat/header.php
    ./test/wp-includes/theme-compat/footer.php
    ./test/wp-login.php
    ./test/wp-content/index.php
    ./test/wp-content/plugins/index.php
    ./test/wp-content/themes/index.php
    ./test/wp-admin/index.php
    ./test/wp-admin/network/index.php
    ./test/wp-admin/custom-header.php
    ./test/wp-admin/menu-header.php
    ./test/wp-admin/admin-header.php
    ./test/wp-admin/admin-footer.php
    ./test/wp-blog-header.php

    So.. I could note this is trying to load a file named jquery-toggle.js which I think it has malicious code.

    What I did was to delete the plugin nextgen-scrollgallery (I was not using it).. and I’m scanning file by file and deleting the malicious code manually…

    But.. it would be great if someone here have any extra information about how I get infected and how to avoid this kind of problems in the future.

    NOTICE: I got another site hacked again but this time this was the code:
    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘new hacking using base64_decode in some files’ is closed to new replies.