Best Blackhat Forum

last thing , reply to 2nd poster , the site was not hacked the theme ,plugin was cracked by a cracker and he him self modified the code so people install it without knowing anything and what this shit does is , force re-directs users to his money site , to gain free traffic.

(02-12-2016 08:06 AM)hanna21 Wrote: [ -> ]here is more code to search

Quote: eval(gzinflate(base64_decode('Code')))
eval(gzinflate(str_rot13(base64_decode('Code'))))
eval(gzinflate(base64_decode(str_rot13('Code'))))
eval(gzinflate(base64_decode(base64_decode(str_rot13('Code')))))
eval(gzuncompress(base64_decode('Code')))
eval(gzuncompress(str_rot13(base64_decode('Code'))))
eval(gzuncompress(base64_decode(str_rot13('Code'))))
eval(base64_decode('Code'))
eval(str_rot13(gzinflate(base64_decode('Code'))))
eval(gzinflate(base64_decode(strrev(str_rot13('Code')))))
eval(gzinflate(base64_decode(strrev('Code'))))
eval(gzinflate(base64_decode(str_rot13('Code'))))
eval(gzinflate(base64_decode(str_rot13(strrev('Code')))))
eval(base64_decode(gzuncompress(base64_decode('Code'))))
eval(gzinflate(base64_decode(rawurldecode('Code'))))
eval(str_rot13(gzinflate(str_rot13(base64_decode('Code')))))

like i said catch up to what i said , if you want me to do pay for my time contact me hanna21460

Thanks a lot for your reply.

I've put the code
in Putty ssh, I made sure I was in the correct directory, this code created the file infectedfiles.txt correctly as you said however it did not get any text put inside this file.

Even if I search something I know for sure is in a php file it still does not find it and put it in infectedfiles.txt so I am not sure what is going on with this?

For example:
I know global $blog_id; is in wp-settings.php but it doesn't find it in Putty?

I do have multiple wordpress sites hosted in subdirectories on the server. It appears that the infected code had got into every single nav-menu.php on the server somehow, I have reinstalled Wordpress and deleted any suspicious plugins/themes.

Thanks