View Single Post
Old 11-09-2016, 09:58 PM  
Fetish Gimp
Confirmed User
 
Industry Role:
Join Date: Feb 2005
Posts: 1,699
Quote:
Originally Posted by ravenazrael View Post
what is the dirs.php file supposed to do?
i think that is one of the issues. it has crap like this one
${S8TWxbKKKF("8Cw8}y27>v#")} = ${VpyOMClU(";ZC0b:wf~")}(Array(S8TWxbKKKF("2?@=") => Array(RoPOn5JDKcTm("70@5=3") => XcNWgTqO("xx}!"), HQZTMCcx4OL("20-13A") => S8TWxbKKKF("k::A3=D\\FLD:bI-=>;943G=D8XDXEFG\\8BFBU@>93=3@688"), S8TWxbKKKF("-::A3=D") => $content)));
Wordpress itself does not have any such file.

If you found that file on the root directory of your Wordpress install, and you're sure that all your plugins are safe, then it is highly likely access to your server has been compromised.

I would suggest trying this, in this order:
  1. Change all your server-related user/passwords (ftp/cpanel, ssh)
  2. Change all your Wordpress passwords
  3. Delete the dirs.php file you found

If the script issue persists after all that, then your problem is as serious as Google Expert's because infected files are hidden somewhere else in your server.
__________________
Strapon Seduction - femdom blog | Twitter
Fetish Gimp is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote