Site hacked Evil Base Code implemented in PHP files

Forum Moderators: phranque

Message Too Old, No Replies

Site hacked Evil Base Code implemented in PHP files

StylingDesigns

2:12 pm on Aug 8, 2011 (gmt 0)

I was writing an article for my blog which is in wordpress and when pressing save it said my site is Reported Attack Page!
and also for my Joomla main site

this is strange because the blog is in a subdomain but of course accesible with same hosting login (which I changed password for yesterday).

And I checked the php files of the blog and main site and in all of them can be found the added code:

eval(base64_decode("DQoNCg0KZXJyb3JfcmVwb3J0aW5nKDApOw0KJG5jY3Y9aGVhZGVyc19zZ..."));

All this code needs to be deleted from all php files and then maybe the site will work for 2 minutes and will go down again? what to do now?

[edited by: engine at 3:09 pm (utc) on Aug 8, 2011]
[edit reason] code and site obfuscated [/edit]

coopster

1:01 pm on Aug 18, 2011 (gmt 0)

Welcome to WebmasterWorld, StylingDesigns.

Search this site and you will find loads of information on how to recover from being hacked as well as discovery why you were hacked in the first place. Also, search for how to secure up your software installations such as WP.

reddem0n

2:08 am on Sep 1, 2011 (gmt 0)

Did you have an updated version of WordPress and Joomla? If not definitely suggest Coopster's recommendations on searching for other threads pertaining to your issue.