My wordpress site has been hacked. Through this program:
http://sitecheck.sucuri.net/ (…)
i found that it concerns 2 files (for now) and it is. js files.
….dk/wp-includes/js/l10n.js? ver = 20101110
….dk / wp-includes / js / jquery / jquery.js? ver = 1.6.1
It is some kind of Trojan (Cruzer B). The inserted (by the attacker) code is quite evident in both files (have seen it via Notepad)
The original code of one of the files looks like this:
function convertEntities (b) {var d, a, d = function (c) {if (/&[^;]+;/. test (c)) {var f = document.createElement (“div”); f. innerHTML = c; return! f.firstChild? c: f.firstChild.nodeValue} return c}; if (typeof b === “string”) {return d (b)} else {if (typeof b === “object “) {for (a in b) {if (typeof b [a ]===” string”) {b [a] = d (b [a ])}}}} return b}; was
Can I just manually delete the hacked code in both and expect that the site is working again or will I even destroy more stuff?
Download a new copy of WordPress (making sure to get the same version), extract it and see if the files are present.
If they are, replace the files in your installation with the originals.
If they’re not, you should be able to delete them.