The / Hack and how to get rid of it

- by

Saturday morning a couple of my sites were hacked by something I’ve not found a lot of info about. I’ll call it The Drunkjeans Hack. I’ve also found this being inserted from other domains (see below).

Some idiot has inserted a piece of code into the main index.php file that looks like this:


If you enjoy my content, please consider supporting me on Ko-fi. In return you can browse this whole site witout any pesky ads! More details here.

43 thoughts on “The / Hack and how to get rid of it”

  1. So far I know the INDEX.PHP files have been compromised – both in the WordPress directory and in the directory for the active theme.

    There has to be something else though because neither of these files are called in the WordPress Backend, and I can see them being loaded there too. I’ll keep digging and will report…

  2. It looks like we had our main site hacked late Thu / early Fri 8-9/July/2010. Ours is hand crafted html hosted on a dedicated server with a uk-based isp, so this isn’t just a wordpress issue. Hack added after closing html tag as in post:

  3. Ah, thanks for letting me know. The plot thickens. Which hosting company are you with? And what OS is your server running?

    I’ve experienced this with a 1and1 dedicated host in the UK (running CentOS 5 and Plesk 9.5) and also with a Hostgator shared package (don’t know what OS they run – but they use Cpanel instead of Plesk).

  4. ISP:, OS: some linux flavour!, uses CPanel.

    We noticed it first on Fri am with problems linking. Thought is it was a firewall issue initially. AVG (free version!) was the first to picked it up as a threat on an employees home computer.

Add your voice!

This site uses Akismet to reduce spam. Learn how your comment data is processed.