moebius77

…As per my experience, that should work…
Too bad the real experts that hang around this site and others can’t have a professional say on the thing…
P.d.: Make SURE you make a backup of your MySQL tables somewhere in between. The script doesn’t seem to affect your tables but just in case, hang onto those because that’s were all your blog info is.
You’ll find those in your PHP section of my 1and1.
That said, that’s the limit of my blog knowledge. I really hope it works and am crossing me’s fingers for you…
Don’t worry, you’ll be celebrating over a Foster’s in no time!
Peace,
V.

Hello, Vik79,
1) I lost my password so am logged in with nick.
2) I was also with 1and1, I suspect it’s a server virus script on their end: but I called and email them- to no avail.
3) Here’s the thing: that script is a smart little f*cker. If you leave just a string of it lying around, it’ll multiply and kill your site before you know it.
4) Actually, after I wrote this it came back up again, because it had leaked onto all the sites we host on 1and1.
5) So: you have to be absolutely sure you’ve isolated it. Compare your index.php files with the clean WordPress ones; you should be able to make out what the complete string is. Do not leave anything on there; at first, I left a <div> </div> because I thought it amounted to nothing; remember, it’s a hidden string. Make sure your index’ are just “<?php> silence is golden” or whatever the original WP has.
6) You have to clean all your pages, even static non-blog pages. I found it there too. Where there’s an index, there’s a way he’ll get on it. Actually, he didn’t make my other pages crash but web navigators would flare my site for “malicious script”.
7) Get into contact with whoever shares your server and has pages on it. We had 7 or 8 sites up; had to take them all down, erase the server completely, clean every page and put it back up. Yes, it takes time. Yes, it sucks. You’ve been served.
8) My “WP-Content” folder was FUCKED. Everytime I reinstalled, I got all kinds of errors. So I had to go from scratch: Reinstall WP, reinstall my theme, and plugins, one by one. Don’t worry, the WP database keeps track of your widgets and stuff so no major redesign is in order, but it’ll take you a minute or two.
9) Important: After you take everything off your server, change FTP access passwords. It seems the hack is coming from FTP clients (like Smart FTP) that keep passwords open and get stolen. So go to 1and1 and change that, tell whoever shares server with you to do the same, and don’t click the “remember password” box on your FTP client.
If you make sure every site on the server is clean, you change FTP passwords and upload it, technically, you should be ok. Of course, I’m no IT expert, I’m just a blogger. This site gets into the semantics of it all (and provides no solution whatsoever -gotta love ’em):
https://blog.unmaskparasites.com/2009/09/17/quicksilver-malware-network/
Good luck, I’ll be around but again, I know very little about programming. These are just my clumsy recommendations.
Vinz.