• Back in December 2011 one of my WordPress blogs was hacked. Stupidly I had not made a backup of the database but it wasn’t a big site and I had a copy of all of the post content.

    When I reported this to my host (Mochahost.com) they were adamant that it was not a problem with the server and that my WordPress installation must have been out of date. I was sure it was up to date but I left it at that. I re-entered all of the content manually.

    This weekend (so 4 months later) the same blog was hacked again and was displaying a similar message from the hacker, complete with all the usual cliches (a skull, typoz, greetz, etc.). This time I am 100% sure it was up to date because I had set a reminder in Outlook to check every week, and there had not been a new version since January. All of the plugins were up to date as well.

    Again, my host insists it is caused by WordPress. However I find this hard to believe because I had 14 WordPress installations with various different ISPs and none of the others have ever been hacked.

    Should I be looking at ditching them or are they right to blame WordPress apparently without doing any investigation?

Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter davejuk

    (@davejuk)

    I think so – I deleted everything in the www root and created a new database.

    In that case, it does look like it’s a host problem. Sounds like the server is insecure for one reason or another. Maybe it is time to start looking for another host.

    Hi,
    Is your site still showing as hacked now, or do you feel you’ve managed to get the situation under control?

    Thread Starter davejuk

    (@davejuk)

    I deleted all of the files and uploaded a clean copy of WordPress 3.3.1. I am using the same database though. All of my content is available again but I still need to set the theme up again and get the plugins working again.

    Check out the wp-config.php file at the root of your WordPress installation. Navigate to the end of the settings, check the last line and see if there are many white lines afterward. If there are, then go and check the rest till the end; you will find some strange code being appended, and you will have around 4k lines in this file. Check it out and get back to me.

    Thread Starter davejuk

    (@davejuk)

    wp-config is only 3kB, 91 lines. The final line is:

    /** Sets up WordPress vars and included files. */
    require_once(ABSPATH . 'wp-settings.php');

    No, I meant 4000 lines. Check whether there is empty space (many lines) after it.

    Thread Starter davejuk

    (@davejuk)

    It’s definitely only 91 lines. There is one blank line after the final line. I do appreciate your help though!

    Thanks but don’t even mention it.
    OK, check all your WordPress plugin directories for the following files:

    wp-ajax-gadget.php
    zipper-class.php

    Please tell me, if you have any of these.

    Thread Starter davejuk

    (@davejuk)

    All I have is the default plugins now – did you see that I deleted everything and uploaded a fresh copy of WordPress?

    Yeah, I can
    What I am asking about is a hack that stores itself in your database and not your installation files; no wonder re-installing a million times won’t work.
    However, if looking for these files inside your plugins folder is a big issue, then forget it and forgive me.
    Thanks.
    Regards

    Thread Starter davejuk

    (@davejuk)

    I didn’t mean to sound ungrateful! In answer, no there is no wp-ajax-gadget.php or wp-ajax-gadget.php in the plugins directory.

    No problem

    Check out all your directories for names like:

    .akismet.db
    .akistment.cache

    any files or folders starting with a period “.” in the plugins and wp-includes and wp-admin.

    Before deciding whether it’s a service provider or WordPress issue, remember that all the plugins we install can be from the experienced or the inexperienced. Aren’t they a possible backdoor? Aren’t plugins the reason wordpress.com was never breached? Right? So, before we jump to any conclusions, there is a new suspect: not WORDPRESS but WORDPRESS PLUGINS. So, please be patient, because a proper diagnosis is needed prior to any action that might be costly.
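
The file-system checks suggested across the replies above (content after the final line of wp-config.php, the two named plugin files, and dot-prefixed entries in the plugins, wp-includes and wp-admin directories), collected into one script. This is an added example, not code posted by anyone in the thread; the function names, the five-blank-line threshold and the sample tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# File names and directories are the ones the replies ask about.
SUSPECT_NAMES = {"wp-ajax-gadget.php", "zipper-class.php"}
DOTFILE_DIRS = ("wp-content/plugins", "wp-includes", "wp-admin")
MAX_TRAILING_BLANKS = 5  # assumed threshold; the clean file in the thread had one

def check_wp_config(path):
    """Flag padding or appended code after the wp-settings.php require line."""
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    first = next((i for i, l in enumerate(lines) if "wp-settings.php" in l), None)
    if first is None:
        return ["wp-config: no wp-settings.php require found"]
    tail = lines[first + 1:]
    if any(l.strip() not in ("", "?>") for l in tail):
        return [f"wp-config: code after final require ({len(lines)} lines total)"]
    if len(tail) > MAX_TRAILING_BLANKS:
        return [f"wp-config: {len(tail)} blank lines after final require"]
    return []

def scan_wordpress(root):
    """Return sorted findings; each is a lead for manual review, not proof."""
    root = Path(root)
    findings = []
    if (root / "wp-config.php").is_file():
        findings += check_wp_config(root / "wp-config.php")
    bases = [root / rel for rel in DOTFILE_DIRS if (root / rel).is_dir()]
    for entry in (e for base in bases for e in base.rglob("*")):
        shown = entry.relative_to(root).as_posix()
        if entry.name.startswith("."):
            findings.append(f"dot-entry: {shown}")
        if entry.name in SUSPECT_NAMES and shown.startswith("wp-content/plugins/"):
            findings.append(f"named-file: {shown}")
    return sorted(findings)

def build_sample_tree():
    """Constructed sample (not from the thread): padded wp-config plus planted files."""
    root = Path(tempfile.mkdtemp())
    for rel in DOTFILE_DIRS:
        (root / rel).mkdir(parents=True)
    body = "<?php\nrequire_once(ABSPATH . 'wp-settings.php');\n" + "\n" * 40 + "echo 1;\n"
    (root / "wp-config.php").write_text(body, encoding="utf-8")
    (root / "wp-content/plugins/zipper-class.php").write_text("")
    (root / "wp-includes/.akismet.db").write_text("")
    return root

if __name__ == "__main__":
    for finding in scan_wordpress(build_sample_tree()):
        print(finding)
```

A clean result only covers the installation files; it says nothing about content stored in the database, which is the other possibility raised in the replies.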

  • The topic ‘Site Hacked’ is closed to new replies.