Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Yes and please do not post malware code in these forums.

    Please remain calm and carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    It definitely looks malicious. In which theme did you trace it? Hackers mostly target functions.php, header and index to display their spam content on the site.

    Thread Starter gschaefer

    (@gschaefer)

    I found it on a client's website; it was the Mynt Mobile theme.

    Luckily it was an old website and cPanel account we are taking down anyway, so no harm done this time. I have seen plenty of other functions.php hacks with malicious code before, like social.png, but not that snippet. Seems like a new and potentially more harmful variety. It looks like it gives the remote user admin access to me.

    PS; sorry for posting the code snippet, but thought the admins might like a copy.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    PS; sorry for posting the code snippet, but thought the admins might like a copy.

    Nope. The code really is irrelevant. What is important is that someone was able to arbitrarily place code on that website.

    The client’s website still has to be deloused. Deleting the code isn’t enough; unless the attack vector is fixed, it or a different compromise will just come back again.

  • The topic ‘New Malicious code added to functions.php’ is closed to new replies.