WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Base64 Attack

[Resolved] Base64 Attack

  • danallenhouston
    Member

    @danallenhouston

    A few years ago, I got hit with a base64 attack, where code was injected into every php file on my wordpress site.

    I never got an explanation for how an attacker was able to alter my php files. It was not through ftp/ssh password/login, I was able to rule that out by looking at login logs.

    So how could anyone get to my php files?

    How can I make sure it never happens again?

    Why did this only affect my WordPress sites, not my other php sites?

    As always, any information or assistance will be extremely much appreciated.

Viewing 1 replies (of 1 total)
  • esmi
    Forum Moderator

    @esmi

    So how could anyone get to my php files?

    If the server was compromised, then the hacker will have had access to pretty much every file on every site on the server.

    How can I make sure it never happens again?

    Chose a good host that “sandboxes” sites so that access via one insecure site does not threaten others on the same server. And only download theme & plugins from reputable sources – like wordpress.org. I’d also recommend reviewing Hardening_WordPress.

    Why did this only affect my WordPress sites, not my other php sites?

    Hackers use scripts to target file structures that they are familiar with, so sometimes, only WordPress, or Joomla etc sites are effected. In other cases, all .php sites are hit using a common file like index.php.

Viewing 1 replies (of 1 total)
  • The topic ‘[Resolved] Base64 Attack’ is closed to new replies.