WordPress.org

Ready to get started?Download WordPress

Forums

Eval base64 - SOLUTION (4 posts)

  1. craziness
    Member
    Posted 2 years ago #

    ...and EASY solution, at that...

    I suffered severe eval base injections into all of my sites the past week or two. I have also been hacked, had the dancing little Mexican visiting my site hehe...sure it caused for a great laugh but also panic stations as I have clients that pay.

    My very awesome server-people advised me that I had been attacked and that it came from my plugins - they could not say which of course...

    Yesterday, after many hours trying to decode especially the functions.php pages - I decided to see if there is a "eval base64" detector plugin for WordPress. I found the Threat Scan Plugin, installed it. It installs under the "settings" option in your admin panel. I was amazed - it pointed out exactly which plugins was the "leak". It does nothing else but that, so you don't have to worry that it breaks code at all. You have to uninstall (delete) the plugins causing that, yourself.

    Do yourselves a favour and install this and delete the plugins it points out - MY WordPress sites was immediately saved, yours will be too! You MAY have to replace your functions.php file with the healthy one though, but you won't be sorry.

    Should you have tried to fix your site and broken it, perhaps your server-people would have a backup to reinstall - even if it is affected (which it should then be, if the plugin is in that backup). Don't panic, just do the above and relax.

    It sure worked for me.

    Happy blogging!

    PS:
    The Newsletter plugin and Mail plugin was two that I had to remove...can't remember which other. Be very careful and run the Threat Scan Plugin regularly, as perhaps with the updates of the plugins they sneak in their little eval base64 codes.

  2. kpgraham
    Member
    Posted 2 years ago #

    This is exactly why I created it. It is brute force and very dumb. It only took a few minutes to write, but it works. I have repaired many client sites using it.

    Thanks for the endorsement.

    Keith

  3. craziness
    Member
    Posted 2 years ago #

    I must tell you I fixed my site...after struggling the WHOLE day...in 5 minutes. What a relief..! THANK YOU!

  4. mgk
    Member
    Posted 2 years ago #

    I was using wingrep on the server (I have remote desktop) and this found some stuff that it had missed. Simple but effective!

Topic Closed

This topic has been closed to new replies.

About this Topic