WordPress.org

Forums

[resolved] I found an exploit (7 posts)

  1. I Dont use this account Anymore why is it still here
    Member
    Posted 1 year ago #

    Not sure what it is, but I found one.

    It looks a lot like this:

    https://www.badwarebusters.org/main/itemview/30862

    and it only runs when viewing the site in Internet Explorer, surprise surprise.

    If you have this, check both the index.php in the root of your site and the index.php of your theme. You will see on the first line a PHP script which starts with gzinflate base64 - delete it and you should be OK.
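
The check described in the first post (look at the top of the site's root index.php and the theme's index.php for a script starting with gzinflate base64), written as an added example that is not part of the original thread: it scans every .php file under a directory and reports those whose first lines contain the `gzinflate(base64_decode(` call chain. The regex, the five-line window, the function names and the sample tree are assumptions made for this example.

```python
import re
import sys
import tempfile
from pathlib import Path

# Call chain the post describes; PHP function names are case-insensitive.
OBFUSCATED = re.compile(rb"gzinflate\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
HEAD_LINES = 5  # assumption: the post says the script sits on the first line


def scan_file(path, head_lines=HEAD_LINES):
    """Return the 1-based line number of the first match near the top, else None."""
    with open(path, "rb") as fh:
        for lineno, line in enumerate(fh, start=1):
            if lineno > head_lines:
                break
            if OBFUSCATED.search(line):
                return lineno
    return None


def scan_tree(root):
    """Check every .php file under root; return sorted (relative path, line) hits."""
    root = Path(root)
    hits = []
    for path in root.rglob("*.php"):
        lineno = scan_file(path)
        if lineno is not None:
            hits.append((path.relative_to(root).as_posix(), lineno))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample (placeholder string, not a real payload) for a dry run."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (root / "index.php").write_bytes(b"<?php\nrequire('./wp-blog-header.php');\n")
    (theme / "index.php").write_bytes(
        b"<?php eval(GzInflate( base64_decode('CONSTRUCTED-PLACEHOLDER'))); ?>\n"
        b"<?php get_header(); ?>\n")
    (theme / "functions.php").write_bytes(b"<?php\n// gzinflate mentioned in a comment\n")
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for rel, lineno in scan_tree(target):
        print(f"{rel}:{lineno}: gzinflate(base64_decode(...)) near top of file")
```

A hit marks a file to inspect and clean; as the later replies in this thread point out, it does not show how the files came to be modified.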

  2. Doodlebee
    Member
    Posted 1 year ago #

    This isn't necessarily a security issue in WordPress. *Your* site was compromised, and this was added to your WordPress files, but this is not natively found in WordPress. You'll need to contact your host to see how the person got into your WordPress install and when/how they did this.

    This isn't an "exploit" unless you know *how* and *where* within WordPress the hacker got in through. This is simply a report of you - and you alone - being hacked through some method that could or could not be WordPress.

    You might want to take a look at Hardening WordPress in the codex to be sure you've followed these suggestions. I also like to run the plugin Better WP Security. But the hacker could have gotten in through many ways - even through another site on your server.

  3. I Dont use this account Anymore why is it still here
    Member
    Posted 1 year ago #

    Hi Shelley,

    I am aware it is not an issue with WordPress and it was a security issue of the site. As I maintain various WordPress sites and am a regular here, I thought it might be helpful for the people out there who may be trying to find the fix for it.

    Never mind.

  4. justingreerbbi
    Member
    Posted 1 year ago #

    Exploit meaning a security breach, lol. You fooled me.

  5. I Dont use this account Anymore why is it still here
    Member
    Posted 1 year ago #

    Just bringing this back into light.

    You're right, it isn't an exploit; only the initial signs of the issue were showing me it was, as non-WordPress sites were unaffected on the same server.

    However, 2 months on, I have found that it was an issue with WordPress running on IIS, namely permissions. Scanning the web, this is a known issue which I believe I have found the answer to (finally!).

    Anyway, it was resolved, sorry Justin for misleading you! :s

  6. Samuel Wood (Otto)
    Tech Ninja
    Posted 1 year ago #

    AmmyKami83: No worries.

    If in the future you do find an exploit in WordPress, or a plugin, or a theme, then instead of posting it publicly, it's better to email it to security@wordpress.org, where the security team can check it out and see if there is a threat there.

  7. I Dont use this account Anymore why is it still here
    Member
    Posted 1 year ago #

    Noted, thanks Samuel :)

Topic Closed

This topic has been closed to new replies.

About this Topic

  • Started 1 year ago by I Dont use this account Anymore why is it still here
  • Latest reply from I Dont use this account Anymore why is it still here
  • This topic is resolved
  • WordPress version: 3.4.2
