Please help me to understand this PHP Hack

I have some trouble with my site, is hacked and some of my PHP file as change, here the code injected…

And now when i check my site on google insight, it redirected on a escort site…

agent=_SERVER[‘HTTP_USER_AGENT’];if(preg_match("/google/i", $agent)){header(“HTTP/1.1 301”);header(“Location:”);exit();}

It basically redirects all requests with “google” in their user agent to the URL in question.

1 Like

Yes i understand this, but how it is possible to do block that ? i already deleted the lines.

The file was change every 2/4 days and i dont find the correct solution to secure my site…

Block what? The redirect or someone tampering with your files? The latter should never happen and you might have some (possibly severe) security issue on your server. You will need to analyse what happened and patch whatever vulnerability there was (and potentially set the server up from scratch again).

My recommendation would be to hire someone to properly secure your server.

1 Like

Hello, I had exactly the same problem and it was the wp-load file that had put malicious code in it, I thought I could fix it with the wordfence plugin but after about ten days I got it out again. Did you manage to fix it somehow?

1 Like

I don’t find the solution… And The hacker modify my files Once a week ! My plugins are desactivated and i have no idea how it is possible :confused:

I’d hire a server administrator at this point.


I do that, and now i notice its is not only the php files but the htacces file ! How it is possible ??

Someone probably got access to your server in one way or another. This is where you’ll need an experienced system administrator to fix these issues and secure the server (and possibly set it up from scratch).

This topic was automatically closed after 30 days. New replies are no longer allowed.