Forums

WordPress › Support » How-To and Troubleshooting

[resolved] I found an exploit (7 posts)

  1. AmmyKami83
    Member
    Posted 6 months ago #

    Not sure what it is, but I found one.

    It looks a lot like this:

    https://www.badwarebusters.org/main/itemview/30862

    and it only runs when viewing the site in Internet Explorer surprise surprise.

    If you have this, check both the index.php in the root of your site and the index.php of your theme. You will see on the first line a php script which starts with gzinflate base64 - delete it, you should be ok.

  2. Doodlebee
    Member
    Posted 6 months ago #

    This isn't necessarily a security issue in WordPress. *your* site was compromised, and this added to your WordPress files, but this is not natively found in WordPress. You'll need to contact your host to see how the person got into your WordPress install and when/how they did this.

    This isn't an "exploit" unless you know *how* and *where* within WordPress the hacker got in through. This is simply a report of you - and you alone - being hacked through some method that could or could not be WordPress.

    You might want to take a look at Hardening WordPress in the codex to be sure you've followed these suggestions. I also like to run the plugin Better WP Security. But the hacker could have gotten in through many ways - even through another site on your server.

  3. AmmyKami83
    Member
    Posted 6 months ago #

    Hi Shelley,

    I am aware it is not an issue with WordPress and it was a security issue of the site. As I maintain various WordPress sites and a regular here, I thought it might be helpful for the people out there who may be trying to find the fix for it.

    Nevermind.

  4. justingreerbbi
    Member
    Posted 6 months ago #

    Exploit meaning a security breach lol You fooled me

  5. AmmyKami83
    Member
    Posted 4 months ago #

    Just bringing this back into light.

    You're right, it isn't an exploit, only initial signs of the issue were showing me it was as non WordPress sites were unaffected on the same server.

    However, 2 months on, I have found that it was an issue with WordPress running on IIS, namely permissions. Scanning the web this is a known issue which I believe I have found the answer too (finally!).

    Anyway, it was resolved, sorry Justin for misleading you! :s

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 months ago #

    AmmyKami83: No worries.

    If in the future you do find an exploit in WordPress, or a plugin, or a theme, then instead of posting it publicly, it's better to email it to security@wordpress.org, where the security team can check it out and see if there is a threat there.

  7. AmmyKami83
    Member
    Posted 4 months ago #

    Noted, thanks Samuel :)

Reply

You must log in to post.

About this Topic

Tags

No tags yet.