Possible infection found

  • The only bright side in someone coming to you with a hacked website is that you get to look for the bad code and learn from it. Yesterday, I acquired one that is very slippery and will require a reinstall and setup of WordPress. But, the old files are a good learning tool.

    Does anyone know whether there is EVER a legitimate reason for there to be code in index.php in the plugins folder beyond // Silence is golden?

    I found a considerable amount of code in this file with eval(), fopen(), etc. All very suspicious. I find that even legitimate plugins use eval(), which can be exploited.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Does anyone know whether there is EVER a legitimate reason for there to be code in index.php

    There isn’t a legitimate reason.

    I found a considerable amount of code in this file with eval(), fopen(), etc. All very suspicious.

    Yes. *takes a deep breath* Very very EVIL actually!

    Sorry for yelling. 😉 I hope you’ve deloused your installation but there are other ways to learn coding than using such backdoors and malware code.
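
A check for the question raised in this thread, as an added example that is not part of the original posts: it flags a WordPress stub `index.php` that contains anything besides comments, including code hidden after a one-line comment that is closed by `?>`. The stub paths follow the stock WordPress layout; the sample file contents are constructed and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Stock WordPress ships comment-only index.php stubs at these paths.
STUBS = ("wp-content/index.php", "wp-content/plugins/index.php",
         "wp-content/themes/index.php")
# PHP comments: /* ... */ blocks, and // or # up to end of line or a closing ?> tag.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*?(?=\?>|\n|\Z)", re.DOTALL)
TAGS = re.compile(r"<\?php|\?>", re.IGNORECASE)
# Calls named in the thread; reported as extra detail only.
CALLS = re.compile(r"\b(eval|fopen)\s*\(", re.IGNORECASE)

def stub_findings(source):
    """Return reasons a stub index.php is not comment-only (empty list = clean)."""
    body = TAGS.sub("", COMMENTS.sub("", source)).strip()
    if not body:
        return []
    calls = sorted({name.lower() + "() call" for name in CALLS.findall(body)})
    return ["code beyond comments"] + calls

def scan(wp_root):
    """Map each stub path under wp_root to its findings, omitting clean stubs."""
    report = {}
    for rel in STUBS:
        path = Path(wp_root) / rel
        if path.is_file():
            found = stub_findings(path.read_text(errors="replace"))
            if found:
                report[rel] = found
    return report

# Constructed samples: a stock stub, and an inert stand-in for a tampered one that
# hides code after a one-line comment closed by ?> on the same line.
CLEAN = "<?php\n// Silence is golden.\n"
TAMPERED = '<?php // Silence is golden ?><?php eval($payload); $fh = fopen($path, "w");'

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, text in zip(STUBS, (CLEAN, TAMPERED, CLEAN)):
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Run `scan()` against an offline copy of the site's files; only the three fixed stub paths are checked, because an `index.php` inside an individual theme or plugin directory legitimately contains code.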

    Thread Starter MarjoriesDaughter

    (@marjoriesdaughter)

    Thanks for the answer, Jan!

    On this one, I’m not delousing as much as deleting! All files and database content will be totally wiped out with a re-install done. I just received permission from the client to do so, with a little help from the geeks at the web hosting company who shut the site down.

    I find that the problem with classes where they teach you HOW to set up WordPress and install plugins and the like also teach people how to really set themselves up for trouble. And, that is the case here. A gent took a WordPress class and went wild with theme changes and everyone’s favorite plugin that he “just had to have.” It’s like folks forcing their favorite “natural” remedy on you when you have a cold.

    I teach mostly code classes. Most students want something easier; so, they take other classes that avoid anything that looks like code or database backup or understanding file structure, etc.

    But, I’ve had a very interesting time doing the postmortem on the old files. And, the infected files will be a great lesson for my classes of fearless code learners! And, I will probably use them to scare the begeebees out of anyone else I can get to listen.
