• Resolved Joerg

    (@yorck001)


    Hello.
    We have 20 clients on a Managed WordPress account on an Apache/Linux server. Today I discovered that ALL php files in ALL accounts are compromised with malicious code, always in the very first line of a php file. Please see an image from a wp-config.php file at

    https://www.jmbvirtual.com/badcode/

    According to the host company it is malicious base64 code that occasionally causes warning messages during WP log-in and has to be removed before greater damage occurs.

    If it were just one site - no problem, we delete it and reinstall a clean version of everything. But not for 20 clients. My question is if anybody else had such bad code in their php files and can advise me on how to remove them with a tool maybe? Research led me to a well-known company. They took a look at the code and offered removal for an exorbitant amount of money because so many files are affected…

    Thank you in advance. Any help would be greatly appreciated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • I would look for the source of the problem first. Is there a plugin or theme that all sites share? A common library?

    Getting rid of it isn’t enough. Unless you identify the source of the bad code and eliminate it, you will continue to be reinfected.

    Thread Starter Joerg

    (@yorck001)

    Thank you, kjodle. I did identify the source which was a calendar plug-in. Because I am working with thousands of client files I didn’t want to take chances and hired a company to do the work.

    Thanks again.
    Joerg
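
Added example, not part of the thread and not a tool any poster used: a read-only Python scan that lists every `.php` file whose first line carries the kind of injection described in the question, and that can be re-run after cleanup to catch the reinfection the first reply warns about. The `eval(base64_decode(` signature is assumed from the thread title, the 300-character threshold is an assumption, and the sample tree is constructed with an inert placeholder payload.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumed signature: a decode-and-execute call, as in the thread title.
INJECTED = re.compile(r"\beval\s*\(.*\bbase64_decode\s*\(", re.I)
MAX_FIRST_LINE = 300  # assumed threshold; a normal first line is just "<?php"

def classify(first_line: str):
    """Return a reason string if the first line looks injected, else None."""
    if INJECTED.search(first_line):
        return "eval(base64_decode(...)) on line 1"
    if len(first_line) > MAX_FIRST_LINE:
        return f"first line is {len(first_line)} chars long"
    return None

def scan(root):
    """Report (relative path, reason) for every suspicious *.php under root."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*.php")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:          # read only line 1, never execute
            line = fh.readline().decode("latin-1").rstrip("\r\n")
        reason = classify(line)
        if reason:
            hits.append((path.relative_to(root).as_posix(), reason))
    return hits

def demo():
    """Scan a constructed two-site tree; the payload is an inert placeholder."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "site1/wp-config.php": "<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?><?php\ndefine('DB_NAME', 'x');\n",
            "site1/index.php": "<?php\n// Silence is golden.\n",
            "site2/wp-load.php": "<?php " + "$a='" + "A" * 400 + "'; ?><?php\n",
            "site2/readme.txt": "eval(base64_decode('not php'))\n",
        }
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan(tmp)

if __name__ == "__main__":
    for rel, reason in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{rel}: {reason}")
```

Pass the hosting account's document root as the only argument to scan real files; the script only reads and reports, so removal stays a separate, reviewed step against known-good copies.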

  • The topic ‘eval base64 code? Malware?’ is closed to new replies.