WordPress.org

Ready to get started?Download WordPress

Forums

Base64 code - is it always a concern? (6 posts)

  1. Lins
    Member
    Posted 1 year ago #

    Hi there!

    Is base64 code always a concern when found in files?

    I'm asking because the plugin Exploit Scanner found it in several plugin files & in the wp-includes-class-wp-atom-server.php file.

    Plugins include
    Google Analytics for WordPress
    WP SuperCache
    Wp-Meetup

    My thinking is that I should re-install fresh copies of the plugins & a fresh WP-includes folder. Or do I only need the one file wp-atom-server.php?

    Or is it sometimes a false positive, and sometimes supposed to be there?

    Same with the "eval" code -- this also shows up in several of the plugins. Is that necessarily bad & the plugins should be re-installed?

    Would be very grateful for someone more experienced to confirm or call me out... Want to clean it up, just don't want to break this site.

    Thank you!

  2. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  3. Lins
    Member
    Posted 1 year ago #

    The plugins include
    Plugins include
    Google Analytics for WordPress
    WP SuperCache
    Wp-Meetup
    and the client installed SmartS3 Video Plugin which isn't from wordpress.org.

    The article on backdoors concerns me, as I'm not a programmer. If I reinstall a fresh copy of wordpress 3.5.1 and a fresh install of all the plugins, how do I test further?

    Thanks for your help.

  4. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    I'm really not at all an expert on that kind of thing. You should probably check with your hosting company because site hacks can be via a server hack. Check on your theme too - is it from a reputable source?

    If you need expert help, Securi is supposed to be very good.

  5. Lins
    Member
    Posted 1 year ago #

    Thanks WPyogi.

    In the Ottopress article it says
    "Base64_decode (and the similar uudecode) are the main way to find malicious code used today. There’s almost never a good reason to use them. Note the “almost” there, many plugins (notably the venerable Google Sitemap Generator) use base64_decode in legitimate ways. So it’s not exactly a smoking gun, but it is highly questionable for some randomly named file lying around to have that inside it."

    I was wondering if it could be legit, but there is a lot of the Base64 code showing up across several different files. Then, the free Securi scan as well as several other free online scans show this website as being "clean," so somehow they're either missing the code or I am over-reacting.

    Anyways... better safe than sorry I suppose. Thanks for your assistance.

  6. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    Yeah, it's hard to know for sure. But as Otto's article also says, the bad guys do a good job at hiding malicious code. I'd opt for the safe than sorry approach too :). But maybe do some looking into Google Analytics -- see if you find anything relevant.

Topic Closed

This topic has been closed to new replies.

About this Topic