WordPress.org


wp-phpmyadmin (6 posts)

  1. dudewalker
    Member
    Posted 2 years ago #

    I just recently went through a 2-day ordeal, wherein multiple IPs have been used to exploit the wp-phpmyadmin installation on my websites.

    Apparently it created a backdoor and allowed exploits to inject code and create an { html:IFrame-PE [Trj] }.

    A very persistent attacker which set off Avast Antivirus..., but no other anti-virus programs.

    It took some time to determine whether the alert was valid, however, HostGator was able to verify it was an authentic alert and began digging.

    It ultimately exploited these files:

    /home/********/public_html/index.php
    /home/********/public_html/bakkehomes/index.php
    /home/********/public_html/wp-content/w3tc/min/index.php
    /home/********/public_html/bakkehomes.com/index.php

  2. davidjmcclelland
    Member
    Posted 2 years ago #

    Had this too. Auto re-install of WordPress removed it in about 1 second. But first I had to spend 30 minutes feverishly rooting around in the site before it occurred to me : )

  3. esmi
    Forum Moderator
    Posted 2 years ago #

    If there is a serious issue with this plugin, then please contact plugins@wordpress.org with the plugin's name and the details of the issue.

  4. davidjmcclelland
    Member
    Posted 2 years ago #

    I haven't been able to connect this to a specific plugin. I did have an auto-resizer plugin and I uninstalled and deleted it. The exploit came back about an hour after I reinstalled WP.

  5. Xeronimo
    Member
    Posted 2 years ago #

    Anyone found a solution to this yet?? I get re-infected too ... Thanks!

  6. davidjmcclelland
    Member
    Posted 2 years ago #

    1. I exported my WordPress database and downloaded all media
    2. Wiped my files from public_html
    3. Dropped WordPress DB using PHPMyAdmin
    4. Changed all passwords - WP, PHPMyAdmin, site cpanel
    5. Created new WordPress manually (not using CPanel) in a different directory than used previously (drawback: existing links to my blog now go to 404 page)
    6. Changed the DB table name prefix in config to something other than "wp_", admin account to something other than "admin"
    7. Found a plugin to relink all URLs to new location
    8. Locked down the wp-config file chmod to 600
    9. Re-imported db
    10. Virus-scanned media
    11. Uploaded media

    This is a major PITA I could have avoided if I knew to do all this years ago when I set it up. WordPress needs to do a better job of hardening at install IMHO.
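
A read-only check for three things this thread mentions (mode 600 on wp-config.php, a table prefix other than "wp_", and iframe markup in index.php files), added here as an example and not posted by any participant. The function name `wp_audit` and the "<iframe" heuristic are assumptions of this example; a hit means the file needs manual review, not that it is infected.

```sh
#!/bin/sh
# Added example: read-only audit of a WordPress tree (function name is hypothetical).
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "ERROR no wp-config.php under $root"
        return 2
    fi

    # Post 6: wp-config.php locked down to mode 600.
    if [ -z "$(find "$cfg" -maxdepth 0 -perm 600)" ]; then
        echo "WARN wp-config.php is not mode 600"
        findings=$((findings + 1))
    fi

    # Post 6: table prefix changed from the default "wp_".
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
        echo "WARN table prefix is still the default wp_"
        findings=$((findings + 1))
    fi

    # Post 1: iframe injection reported in index.php files. Heuristic assumed
    # by this example: list every index.php containing "<iframe" for review.
    hits=$(find "$root" -type f -name index.php -exec grep -liF '<iframe' {} + || true)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        echo "WARN iframe markup in $f"
        findings=$((findings + 1))
    done <<EOF
$hits
EOF

    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}

# Run against a path given on the command line, e.g. sh wp_audit.sh /path/to/site
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```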

Topic Closed

This topic has been closed to new replies.
