Yes! https://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html
I’m in the process of backing everything up and plan to wipe out the whole WordPress directory and reinstall. I’m not sure if there are added files in there, but many of the existing ones have been modified with an eval and base64 code at the top. It looks like it’s managed to get into everything, not just the uploads area.
What I can’t figure out is if it could have inserted itself into the database proper, or if it just modified the WordPress directory. I’m hoping a reinstall alone will take care of it. Not sure how to go about checking the database for issues. Been through those links that keep getting posted here every time someone says they’ve been hacked and still can’t find an answer to the db question.
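
A sweep for the symptom described in the post above, added here as an example and not part of the original post: it flags PHP files whose first bytes contain an eval of base64-decoded data, and applies the same pattern to a text SQL export of the database. The wrapper forms in the regex, the 4096-byte window and every sample file in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the injected header is eval(base64_decode(...)) or a close
# variant with a decompression/rot13 wrapper around the base64 call.
INJECTED = re.compile(
    rb"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*"
    rb"base64_decode\s*\(", re.IGNORECASE)
HEAD_BYTES = 4096  # the post says the code sits at the top of each file


def scan_tree(root):
    """Return PHP files under root whose first HEAD_BYTES match INJECTED."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            with open(path, "rb") as fh:
                head = fh.read(HEAD_BYTES)
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        if INJECTED.search(head):
            hits.append(path)
    return hits


def scan_sql_dump(dump_path):
    """Return 1-based line numbers of a text SQL export that match INJECTED."""
    with open(dump_path, "rb") as fh:
        return [n for n, line in enumerate(fh, 1) if INJECTED.search(line)]


def demo():
    """Build a constructed sample site and dump, then scan both."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "wordpress")
        (site / "wp-content" / "uploads").mkdir(parents=True)
        # Constructed samples; the base64 strings decode to PHP comments only.
        (site / "index.php").write_text(
            '<?php eval(base64_decode("Ly8gc2FtcGxl")); ?>\n<?php // original\n')
        (site / "wp-load.php").write_text("<?php // clean file\n")
        (site / "wp-content" / "uploads" / "x.php").write_text(
            '<?php @eval ( gzinflate( base64_decode ("Ly8gc2FtcGxl")));\n')
        dump = Path(tmp, "dump.sql")
        dump.write_text(
            "INSERT INTO wp_posts VALUES (1,'hello world');\n"
            "INSERT INTO wp_options VALUES (9,'w','<?php eval(base64_decode(\"Ly8=\"));');\n")
        files = [p.relative_to(site).as_posix() for p in scan_tree(site)]
        return files, scan_sql_dump(dump)
```

An empty result from `scan_sql_dump` only rules out this one marker string, not other changes to the database.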