Title: james9's Replies | WordPress.org

---

# james9

  [  ](https://wordpress.org/support/users/james9/)

 *   [Profile](https://wordpress.org/support/users/james9/)
 *   [Topics Started](https://wordpress.org/support/users/james9/topics/)
 *   [Replies Created](https://wordpress.org/support/users/james9/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/james9/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/james9/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/james9/engagements/)
 *   [Favorites](https://wordpress.org/support/users/james9/favorites/)

 Search replies:

## Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacked: mi.php & findwpconfig.php](https://wordpress.org/support/topic/hacked-miphp-amp-findwpconfigphp/)
 *  [james9](https://wordpress.org/support/users/james9/)
 * (@james9)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/hacked-miphp-amp-findwpconfigphp/#post-1510227)
 * All the suggestions above won’t help you most likely. I found similar code but
   in different exploits. Like you i updated WP, changed all passwords several times
   and sifted through files where i found multiple fake akismet versions labelled
   differently for different blogs i owned.
 * I removed these versions and updated them multiple times, but the buggy versions
   kept returning.
 * I recently started looking into my php security and found that my php.ini.sample
   file was infested with the same code you show above. I think my whole server 
   is compromised, so waiting for my web host to look into it. The access the spammers
   had on me was such that they could add files to my wordpress installs at will,
   including changing folder permissions on command. Nasty stuff.
 * Wishing you good luck in getting to the bottom of your issues.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [pharma hack](https://wordpress.org/support/topic/pharma-hack/)
 *  [james9](https://wordpress.org/support/users/james9/)
 * (@james9)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/pharma-hack/#post-1519443)
 * I also tried all above tricks and still the spammers return. I do have some nice
   variations of the akismet pharma hacks if you want to research this exploit (
   currently 5 versions). just message me lifesizedATgmail if you want to get the
   files. I scanned my machine for malware and found a few pieces. removed it. Cleaned
   my computer completely. Then i changed my FTP username/pwd and woke up the following
   morning with spam firing on all cyclinders still. I have to give the spammers
   credit. Whatever they are doing is pretty smart stuff and i also was guilty of
   sloppy wp updating for a while.

Viewing 2 replies - 1 through 2 (of 2 total)