core index.php doesnt work without malware code

  • Hello

    My WP has been infected with malware on 01.nov.2021.
    I have cleaned and restored web and started to work normally 07.nov.2021

    10.dec.2021 my host blocked the web, since the web got infected again.
    I have checked, that it was actually infected 21.nov.2021 only two weeks after I have cleaned it after the first case, so probably the backdoor remained open and allowed to re-infect it again.

    Long story short, now it is clean again BUT, it doesn’t work. The reason for it – WP doesn’t like standard index.php file located in public_html directory. WP WANTS it to be the infected one.

    So basically, when I restore the infected index.php – then website works like a charm. With proper index.php I get an error 500. I am bad in JavaScript and php, so I can’t figure out what exactly forces WP to throw an error without the malware in index.

    Here is the full code from index.php

    Could someone please shed some light what should be done in such circumstances? Thank you.

    [link to malware removed by moderator]

    • This topic was modified 3 years, 3 months ago by a76.ltd.
    • This topic was modified 3 years, 3 months ago by a76.ltd.
    • This topic was modified 3 years, 3 months ago by Steven Stern (sterndata).
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter a76.ltd

    (@a76ltd)

    Is there a way to embed the full code from pastebin directly in the forum? =/

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    No, please do not post malware here.

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘core index.php doesnt work without malware code’ is closed to new replies.