WordPress.org

Ready to get started?Download WordPress

Forums

Security exploit of some sort?? (3 posts)

  1. cewyattjr
    Member
    Posted 4 years ago #

    We upgraded to 2.8.4 last week. I'm not sure this is related to WordPress per se, but this AM we noticed several files in our install were compromised last evening. Below is an example of the kind of call that appeared at the very top of several files including wp_config.php wp_settings.php as well as a number of files under ./wp-includes

    <?php eval(base64_decode('long long string of ascii text here...')); ?>

    Not sure yet if this is because of a given plugin, or is an FTP exploit, or what. It appeared on two of our hosted blog sites.

    The PHP error message which appeared from making an HTTP request was this:

    Fatal error: Cannot redeclare gjne() (previously declared in /home/deansblo/public_html/index.php(1) : eval()'d code:1) in /home/deansblo/public_html/wp-config.php(1) : eval()'d code on line 1

    So my sense is that the exploit may have failed (other than bringing our site down!).

    Thanks for any thoughts/wisdom on this!

    Chuck

  2. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    yup....you've been hacked too! So much fun.

    There have been a bunch of posts oh here recently related to code that looks exactly like what you just posted. Go ahead and search a bit for hacked or base64 and you should come up with all the info you need to pick up the pieces... you've gotta get this stuff cleaned up asap...

    Good Luck!

  3. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    here's alink that links to the info you'll need

    http://wordpress.org/support/topic/320507?replies=14

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.