Site hacked or affected by virus

[MPC]

My luck as run out. It's my turn!
xxhttp://www.mypokercorner.com
Parse error: syntax error, unexpected '<' in /home/thejudge/public_html/wp-includes/default-filters.php on line 231

A quick search seems to point to a hack. Since there's a lot of WP users here, I'm sure someone must have had this problem before. If so, can you explain how to resolve. I'm unable to fix this for a while. Getting in a car and driving for 3 hours now... So it is what it is I guess. But if someone can be of assistance, please post. This is WP 2.9. I never upgraded to 3.0 after reading some of the horro stories that were posted.

[Ridge]

I'll have Eric check it out ASAP

[imteaz]

Same happened to my 5 sites! i was able to clean up 3 sites from virus and trojan but 2 of them was impossible, so i just update wordpress and worked fine. so you just need to make sure you have your database user and password saved. then have your theme back up, that's all you need for the update.

good luck.

[MPC]

Yeah, this is much worse than I thought. All my sites are affected, including non WP sites. Fuck...

[MPC]

I found out that if you visited any of my non WP sites, the trojan tries to install itself on your PC. Had to shut them all down.

Now we'll see just how good my host support is.

[MPC]

As usual with this company, support kicks ass. They responded to my ticket within 15 minutes. They have several backups, listed the dates and asked me to pick one. insiderhosting.com if anyone cares. I've been with them since day one. Never failed me once.

[MPC]

I really don't know what to do anymore. I've restored my sites 4 times now. I even did a clean WP install on multiple sites and used the import feature to get the content back in. A few days later, I get hacked again. I just can't keep up. I get the sites back up, the go down in a matter of days after. I even have a new site that I reinstalled from scratch. It has 2 posts. It's still getting infected with the same crap that's hitting MPC.

All my js files, index.php and a couple of specific php files get modified. I am fucking feed up and I really dont' know what the next step is. I mean, if a clean install doesn't cut it, what the hell am I suppose to do?

Anywya, I'm going to *try* to enjoy the rest of my vacation and not worry about this POS for now.

[LadyHoldem]

Is it something u use across the bored on all sites? A script.. ?

If you move one site to a new host .. reinstall and all that.. does the problem still come back on that site?

[pokerworx]

I had something like this happen before maybe its your ftp that is hacked? I would use a different one do a clean install and lock everything using chmode that is not in use.

Get Malware Bytes and scan everything on your computer including all your website files it should find anything thats bad the free version will do and if your computer is anything like mine it will take about 4hrs to do a complete scan.

[Jibninjas]

As the above poster said, it could be an issue with your computer that is allowing the FTP to be hacked. Did you change the password for FTP access? Use a password generator from a program like keepass.

Run the MBAM that pokerworx suggested and see if it comes up with anything.

Make sure that any file that connects to the DB is properly secured (assuming that you have the password in that file).

Personally I would uninstall any FTP client that you currently have on your computer (do this before you change your ftp password) using revo uninstaller. Then try just using the host ftp for a few days or so until you know that you are in the clear.

As was mentioned before you should probably take out any 3rd party scripts that you are running and possibly have someone take a look at them for malicious code.

Unfortunately, I think that all of this must be done in order to narrow down where the issue is as it seems to be very persistent.