Site hacked! Found "base64" in 2 files
#11
Before getting too drastic and doing brain surgery, you may have a few options. I back up parts of my server either weekly or monthly (depending on usage) and ALWAYS back up before a day of hard editing.

1) Download your existing install.
2) If you have backups, you can use a program like WinMerge or similar and run a compare with one of your backups.
3) In your case, look for differences in .php files.
4) If all looks well, there is no reason to go through a fresh install.
5) Monitor closely for a month. If the back door is still open, they will be back and do it again. If you plugged the hole, this will be the end of the problem.

If on a Linux system, you can also do a "find -R..." and GREP and look for the "location..." or include text.
I wrote a set of PHP tools that allow server-side pseudo-Linux-like tools that include a pseudo GREP find & replace.
It includes a report only feature so you can decide if you really want to proceed with a command.

https://sourceforge.net/projects/php-toolbox/
Thanks,
jwzumwalt
(\__/)
(='.'=)
(")_(")
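
Steps 2 and 3 above as a script, added here as an example and not part of jwzumwalt's post or the php-toolbox project: it hashes every .php file in a known-good backup and in the downloaded install, then reports files added, removed or changed, and which of those contain strings such as `base64_decode`. The function names, pattern list and sample trees are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "base64" is from the thread title; the other patterns are assumptions added here.
SUSPICIOUS = re.compile(rb"base64_decode|eval\s*\(|gzinflate|str_rot13", re.I)


def php_hashes(root):
    """Map each .php file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in Path(root).rglob("*.php") if p.is_file()
    }


def compare_install(backup_dir, live_dir):
    """Report-only comparison of a downloaded install against a known-good backup."""
    old, new = php_hashes(backup_dir), php_hashes(live_dir)
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
    }
    # Flag only files that differ from the backup, so unchanged legitimate code is skipped.
    report["suspicious"] = [
        f for f in sorted(report["added"] + report["changed"])
        if SUSPICIOUS.search((Path(live_dir) / f).read_bytes())
    ]
    return report


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "inc").mkdir(parents=True)
            (d / "index.php").write_text("<?php echo 'home';\n")
            (d / "inc" / "mail.php").write_text("<?php $b = base64_decode($x);\n")
        # Constructed tampering: one modified file, one file not in the backup.
        (live / "index.php").write_text("<?php eval(base64_decode('ZWNobyAxOw==')); echo 'home';\n")
        (live / "inc" / "cache.php").write_text("<?php // harmless new file\n")
        return compare_install(backup, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Every file listed under "added" or "changed" still needs a manual look; the pattern match only orders the review and a clean result does not show the entry point was closed.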
Messages In This Thread
RE: Site hacked! Found "base64" in 2 files - by jwzumwalt - 2016-03-08, 13:21:46