Base64 eval malware troubles

wordpress

#1

I’m having huge problems with Base64/eval PHP code injections. This is happening on all domains hosted across my account. I’ve updated everything, installed Wordfence and Bulletproof plugins, verified appropriate file permissions, turned on extended sucurity for my domains, even subscribed to Sucuri for one domain… and it continues to happen every week. I’ve changed my passwords multiple times…

Are all of my domains getting hacked individually, or is there a way that someone is traversing the directories from my root? Is there a way to prevent that from happening?

What am I missing? This is taking up WAY too much of my lifespan dealing with this crap.


#2

this is sheer speculation, so just brain-storming here:

it sounds like you are probably using a hacked theme or plugin…possibly one you downloaded from a questionable source?

if this is the case, no amount of WordPress security is going to do you much good. You need to nuke your entire install and start fresh and only install plugins and themes from reliable sources…


#3

Themes are originals and plug-ins come from the repository.


#4

Have you:

updated all passwords to strong passwords
disabled FTP (in favour of SFTP)


#5

SFTP: Yes.

Passwords: Capitol letters, lower case letters, a punctuation mark and 2 numerals.


#6

Let it be known I’m a bit of a neurotic, but I would treat it like a hack: http://wiki.dreamhost.com/WordPress_Hacks

If you’re sharing all domains under one user, and ONE domain got infected, it can spread :confused: So that’s always an issue.


#7

Jesus… I never saw the “one domain per user account” policy before now. I think that’s the whole problem.

Thank you! I suppose I have to apologize to Sucuri now. :confused:


#8

They’re good guys, they’ll understand :slight_smile:

I would keep one domain per userID personally.