Found the domain hacking my wordpress
 

KoMexX.net

found his domain name inserted into my wordpress theme.. which leads to that website. what gives man with these guys?

Bots man.. we're the last humans left.

clean out then secure your wordpress

stop downloading nulled plugins and themes from free dl sites. You dont think all those cool plugins and themes that you are suppose to pay for are being shared by kind uploaders who just want to share the love. most are coded with injection scripts that bleed a percentage of your traffic from your site.

easy fix just ssh into your site and grep -nr komexx.net /www/wordpress/wp-content
or whatever the path to your wp is on your server and find what plugin or theme contains instances of this domain and delete the whole plugin or theme.

I suggest adding -i (case insensitive compare) to the grep options, so it catches mixed capitalisation instances like "KoMexX.net" too.

grep -nri komexx.net /path/to/wp-content/

Also it's possible that the plugin has stashed a file outside of that directory, or obfuscated the name so that a simple text search won't find it (eg $domain = "kom"."exx".".net")

also search for 'base64_decode' and 'eval'

Install OSSEC and clamav with maldet for daily scans.

Save your wp-config.php file, uploads folder, and your MySQL database (after making sure all 3 are clean) and just redownload a fresh copy of Wordpress and then put your wp-config.php and uploads folder back and your MySQL database. Run a scan on everything and then you should be good to go.

script kiddies.