Just to make a record of it, I got hacked on Dreamhost last week and had persistent issues. It turns out it was a very extensive hack that might have been caused by outdated WordPress installations or an outdated timthumb.php script.
So here’s a list of files from the different domains that were added to at least 10 different domains. If you ever see any of these in your WordPress installation, delete them. They are rogue files with malicious scripts.
(You can tell these are rogue because they don’t follow the standard comment format you usually see at the top)
/wp-includes/post-template.php (don’t delete this file, but look in the middle for a huge base64 injection. you can replace it with standard file from wordpress zip file)
Most or all of these files had a long string of base64 code at the top, and a few of them had a function script at the bottom.
A good place to secure WordPress is here:
- The topic ‘WordPress hacked files to delete or update when you've been hacked’ is closed to new replies.