wordpress sites hacked - looking for information
The hack put code into a lot of pages on most of my hosted sites. The code started with "<?php $_8b7b=" and continued with a bunch of encrypted code.
I found files in each website directory with names similar to
period_ginny.php
environment_miguel.php
One htaccess file that I looked at had this at the top of it
<IfModule mod_rewrite.c> RewriteEngine On RewriteOptions inherit RewriteCond %{HTTP_REFERER} .*(msn|live|altavista|excite|ask|aol|google|mail|bing|yahoo).*$ [NC] RewriteRule .* <SWEEPSTAKES SITE - COULD NOT ADD TO POST> [R,L] </IfModule>
I will again go through and change all passwords (which I did before), and follow all the suggestions that my host has given me. Any suggestions from you all?
Anyone know what this hack is doing?
If I should post in another section of this forum, please let me know. Thanks in advance.
- Social Media Marketing Strategy & Consulting
- Custom Wordpress Website Design & Blogs
- Wordpress Speed Demon? Click Here!
- Live the life you love... now!
This blog is awesome: http://www.robkonrad.com/blog. Read it.
================================================== ===
Cassidy
One doesn't discover new lands without consenting to lose sight of the shore for a very long time.