Site Hacked – {HEX}.php.base64

  • Good Day,

    I wasn’t sure if this should be posted here or on the cPanel Forums. As a web host I have dealt with malware before, however, as of late one client seems to always be infected.

    The infected are always different and no it doesn’t seem to matter if WordPress is reinstalled, rehashed and the MySQL passwords changed.

    Last night I received 60 messages from CSF containing:

    Time: Tue Aug 18 08:39:30 2015 -0400
    PID: 7792 (Parent PID:5275)
    Account: USERNAME
    Uptime: 3722 seconds

    Executable:

    /usr/bin/php

    Command Line (often faked in exploits):

    /usr/bin/php /home/USERNAME/public_html/coach4food/wp-includes/SimplePie/Net/lib.php

    [moderated]

    I am using both Pyxsoft and ClamAV. According the Pyxsoft it is a {HEX}.php.base64.v23au.183.

    I am at a loss here. WordPress has been updated, all plugins are recognized and reliable. The malware has jumped to all of the users WordPress sites.

    Thanks in advance,

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Site Hacked – {HEX}.php.base64’ is closed to new replies.

Tags