8 {{ upvoteCount | shortNum }}
8 {{ upvoteCount | shortNum }}

How to get rid of 'eval(base64_decode' hacks?

by willyboy104
7 replies
Hi all,

Just wondering what the easiest way of getting rid of the code eval(base64_decode followed by a load of encrypted code that hackers are putting on websites to help leverage traffic and links.

I have found this across a variety of my websites and it is deeming to be a very long task of which I am unsure if it will even make my sites safe.

Any ideas?
#evalbase64decode #hacks #rid
  • Profile picture of the author Valdor Kiebach
    I just highlite it then delete.

    You can go here to decode it to see what its doing:
    http://www.opinionatedgeek.com/dotne.../base64decode/

    Are you using wordpress?
    {{ DiscussionBoard.errors[8215584].message }}
  • Profile picture of the author willyboy104
    Yes all of my sites are using Wordpress.
    Signature
    If you want to learn how to make money online, no bullshit click here.
    {{ DiscussionBoard.errors[8215768].message }}
    • Profile picture of the author Valdor Kiebach
      Originally Posted by willyboy104 View Post

      Yes all of my sites are using Wordpress.
      You need to find out how you are being hacked as well as removing this code.

      Check your hosting directory and all sub directories to see if there is any script that shouldnt be there.

      In my experience there has been a file like 128546368.php or something just as cryptic, this needs to be deleted as well.

      Check the themes code you are using and change the permissions on all theme files to 555.

      Change your admin passwords and use a different name to admin.
      {{ DiscussionBoard.errors[8216293].message }}
  • Profile picture of the author Michael71
    If this code is inside your database or will be injected from other files just "deleting" won't help.

    I helped someone to delete malicious code from 17 blogs some time ago... it was not that easy as you might think.

    PM me the URL of your site/sites, I will do a check.
    Signature

    HTML/CSS/jQuery/ZURB Foundation/Twitter Bootstrap/Wordpress/Frontend Performance Optimizing
    ---
    Need HTML/CSS help? Skype: microcosmic - Test Your Responsive Design - InternetCookies.eu

    {{ DiscussionBoard.errors[8216152].message }}
  • Profile picture of the author RobinInTexas
    Install Wordfence It can scan your site and pinpoint many of those sort of problems.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8216166].message }}
  • Profile picture of the author persianprince
    If many of your sites are getting this injection, I would highly suggest you scan your computer with a program like http://www.malwarebytes.org/.

    Sometimes a virus on your computer will leak your FTP credentials to the hackers and they'll use this to access your accounts.

    As well as cleaning the malicious codes from the files that have been injected, you should also check for backdoors. If you don't remove them, they will just be able to access your sites again and again.
    {{ DiscussionBoard.errors[8217998].message }}
  • Profile picture of the author wordpressmania
    Hi, you need to check your site with sucuri.net ( I always use it when some one come to me with such problems ). Please check it out http://www.warriorforum.com/articles...re-secure.html
    Signature
    {{ DiscussionBoard.errors[8219753].message }}

Trending Topics