Best Methods to Clean Up a Hacked Site with No Clean Version Available

Wordpress Trojan issue

Use http://sitecheck.sucuri.net/scanner/

And tp repair, see FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex and tell your host. Change all passswords. Scan your own PC.

PHP regex to fix hacked Wordpress site

Apart from the comments advising a reinstall, the regex question at hand might be greediness. The .*? placeholder ought to match the shortest amount of characters, but sed might have some limitations regarding line length etc. (Not sure.)

But for constraining it further you could use [^>]* in its place:

 's#<?php /\*\*/ eval(base64_decode("aWY[^>]*?>##g'

This will ensure it can't run over a closing ?>. The base64 couldn't possibly contain this anyway.



Related Topics



Leave a reply



Submit