Another request or sed help to remove Base64 infection

maybe the same version of WordPress,
not the same physical server hosted
not the same hosts
not the same plugins, theme & configurations as the original poster? BUT the same problem…

Yes i will create a new post.

Please forgive me !!!

@hollosch: It is impolite to interrupt another poster’s thread with a question of your own. Please post your own topic.

itself deleted…

@hollosch: Are you using the same version of WordPress on the same physical server hosted by the same hosts with the same plugins, theme & configurations as the original poster? No? Then post a new topic. Any further posts from you in this thread will be deleted.

okay I found this other file that seems to fix a similar problem but a different encode string.

[Code moderated as per the Forum Rules. The maximum number of lines of code that you can post in these forums is ten lines. Please use the pastebin]

I tried replacing my code from the infected files but I just get parse errors. Anyone help? Please?

https://pastebin.com/9HENdrgH

pastebin link

I have the same problem with 20+ WP sites. They are all using WordPress 3.3.1. on Go Daddy

I am looking at this post to help some
https://www.ads-software.com/support/topic/all-my-plugins-have-disappeared

And I found this.. https://marketingsiden.dk/how-to-remove-god_mode_on-wordpress-virus/

@derrickyoung95 please follow https://marketingsiden.dk/how-to-remove-god_mode_on-wordpress-virus/ ‘s guide as @estjohn mentioned. If you need an one-liner to remove it, sed won’t help you but you can do it with perl:

https://www.dimitrioskouzisloukas.com/blog/index.php?blog=2&title=removing_the_god_mode_on_virus_from_php&more=1&c=1&tb=1&pb=1

I have the same problem with sites using 3.3.1 at godaddy ??

yep. me too, at dreamhost.

To everyone in this thread: simply using sed or grep to remove php scripts is not the way to correctly fix a hacked site. You must replace all core WP files, folders, all plugins, check your theme folder, and close some common security holes.

See FAQ: My site was hacked ? WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress ? WordPress Codex. Change all passwords. Scan your own PC.

Dreamhost has evolved into an easily hackable host. You need to consider changing hosts. Recommended WordPress Web Hosting (Unfortunately, Dreamhost is still listed as a recommended host.)

I’m having this issue too. GoDaddy shared hosting. I’ll be following up with this topic when I work though some of the suggested resolutions from @songdogtech and @lookfwd.

Thanks guys.
Z

Hello All~

Well, I can say with certainty now that my site (https://orthodoxdaily.com) has been restored 100% thanks to a few tips and tricks from @lookfwd. If you follow his link, and follow the instructions on the page that it takes you, you’ll find all your answers.

If anyone here has any questions about this process, I’ll be happy to help you.

Thanks and Happy WordPressing!
Z