dmlabadie

Just a little FYI, while browsing my files on FTP a few minutes ago, I noticed that in the classic theme, prepackaged with WordPress, a file was added “archive.php” this file was over 100kb in size, which was the first thing to look out of place. After checking a copy of the WordPress download on my PC, I also noticed that the classic theme did not come with an archive.php file, inspecting the file, I found tons of code relating to what a previous post stated about eval(base64 ,etc, etc. I’ve since deleted that file as that is obviously one thing these hackers used to access my wp-admin and change the post-new.php files and such.

I hope this helps.

Yes, very weird, as I just found that it has happened to me for the third time now.

I too had this problem last week, and did the same by overwriting the wp-admin directory. Everything was fine, until tonight as I see that it has happened again. Passwords have been changed.

Anybody have any ideas how this is occuring? Is it a bug, or something worse?

Thanks in advance for any information.