james9

All the suggestions above won’t help you most likely. I found similar code but in different exploits. Like you i updated WP, changed all passwords several times and sifted through files where i found multiple fake akismet versions labelled differently for different blogs i owned.

I removed these versions and updated them multiple times, but the buggy versions kept returning.

I recently started looking into my php security and found that my php.ini.sample file was infested with the same code you show above. I think my whole server is compromised, so waiting for my web host to look into it. The access the spammers had on me was such that they could add files to my wordpress installs at will, including changing folder permissions on command. Nasty stuff.

Wishing you good luck in getting to the bottom of your issues.

I also tried all above tricks and still the spammers return. I do have some nice variations of the akismet pharma hacks if you want to research this exploit (currently 5 versions). just message me lifesizedATgmail if you want to get the files. I scanned my machine for malware and found a few pieces. removed it. Cleaned my computer completely. Then i changed my FTP username/pwd and woke up the following morning with spam firing on all cyclinders still. I have to give the spammers credit. Whatever they are doing is pretty smart stuff and i also was guilty of sloppy wp updating for a while.