Hoping one of you gurus can help me out here
One of my websites got hacked or infected (unsure what it actually is) last week. After I experienced some strange admin panel behavior I had a feeling that every directory's index.php file was affected (as those are the files hackers usually sort of 'deface' in Wordpress) and alas, it was!
Every index.php in my wordpress directories contained the following line of code (and nothing else - everything else had been wiped):
Code:<?php // Silence is golden. ?>
Here are the steps I've taken in an attempt to fix it:
* deactivated all my plugins
* uninstalled a theme I recently installed (and completely removed it)
* Backed up my database tables (.sql file)
* backed up my plugins and images folders
* Wiped everything off the server
* Re-installed wordpress & uploaded backups
* Imported sql database tables
The site's admin side is still acting up while the front end seems fine. I checked the index.php files again and they still contain the above 'silence is golden' line of code.
How can this be? I have a fresh Wordpress installation directly from Wordpress.org...? I haven't activated the plugins either... It can't be my plugins because I've been using the very same set of plugins and have kept them updated for 2 years without hassles.
There is something fishy in the database tables though... I noticed a table called fssstats among all the wp_tables... I was wondering whether it might be an sql injection infecting my index.php files?
I also extracted the Wordpress installation package onto my local HDD in an attempt to FTP the individual index.php files but when I checked the freshly unzipped Wordpress folders out of curiosity... I noticed that they also contained...
Code:<?php // Silence is golden. ?>
What the hell is going on!?