Sadly, it's necessary for me to leave these reminders here:
I have a shared host on Dreamhost that just got hacked to shit. A fairly standard hack, and nothing particularly inspired, but nevertheless some clients from years ago weren’t too happy. If this happens to anyone else, here’s the fix (for now)…
My shared host account got hacked-TFU last Monday. After looking a little closer it became clear that there had been more than one break-in. Apparently my account also got hacked last November, three times in December (twice by the same hacker!) and once in January too, so for the past few months my server has had a back door like Dennis the Menace’s hanging pajama flap.
If your site got hacked in the last mass infection of WordPress sites out there, we have a simple solution to clean it up.
If you have SSH access to your server, run the following commands on your web root:
# Remove the injected eval(base64_decode("aWY...")) block from every PHP file
$ find ./ -name "*.php" -type f | xargs sed -i 's#<?php /\*\*/ eval(base64_decode("aWY.*?>##g' 2>&1
# Delete the blank lines left at the top of each file
$ find ./ -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1
And, oh yes—don’t forget the spaces-in-filename clusterfrak:
Spaces in filenames can be a problem when using the find | xargs combination.
To solve this, use:
find . -print0 | xargs -0
This tells find and xargs to use the ASCII NUL character, instead of whitespace, to terminate (separate) the filenames.
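An added example, not from the original post or the sources it quotes: the cleanup and the NUL-separator fix combined, so that only files matching the signature are rewritten and they are archived first for later review. It assumes GNU find, xargs, grep, sed and tar; the function names and the backup path are hypothetical.

```shell
#!/bin/sh
# Added example (GNU find/xargs/grep/sed/tar assumed); not from the original post.
# Usage (hypothetical paths): source this file, then
#   list_infected /path/to/webroot
#   clean_infected /path/to/webroot /path/outside/webroot/infected.tar

# Signature of the injected line, taken from the sed command on this page.
PATTERN='<?php /\*\*/ eval(base64_decode("aWY.*?>'

# infected0 ROOT: NUL-terminated list of .php files carrying the signature.
infected0() {
    # grep exits 1 for a batch with no match, so that status is not an error.
    find "$1" -name '*.php' -type f -print0 |
        xargs -0 -r grep -lZ -e "$PATTERN" || true
}

# list_infected ROOT: the same list, one file per line, for review.
list_infected() {
    infected0 "$1" | tr '\0' '\n'
}

# clean_infected ROOT BACKUP_TAR: archive the infected files to BACKUP_TAR
# (keep it outside the web root), then strip the injected block and any
# leading blank lines from those files only. Clean files are never rewritten.
clean_infected() {
    list=$(mktemp) || return 1
    infected0 "$1" > "$list"
    if [ -s "$list" ]; then
        tar -cf "$2" --null -T "$list" &&
            xargs -0 sed -i -e "s#$PATTERN##g" -e '/./,$!d' < "$list"
    fi
    rc=$?
    rm -f "$list"
    return "$rc"
}
```

Run list_infected first and read the list before cleaning; the archive keeps the pre-cleanup copies of the files that were changed.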