WordPress.org

Dangerous wp-vars.php !? WARNING!

  • Hello, I’m using the latest WordPress 2.9.2 and today I noticed a nasty advertisement on my blog. Because my blog normally is free of advertisements I have decided to look for the problem.

    I found a place in my “footer.php” (from my template) where a foreign code was inserted. This code included a file from “/wp-includes/” called “wp-vars.php”. I opened this file in my editor and noticed that the code in there was encrypted with Zend. I also found a file called “wp-version.php” in the same place which has the function of decrypting something with a base64 algorithm. This looked very suspicious to me so I deleted these files. This was really helpful because afterwards the nasty advertisement on my page was removed.

    But as I tried to write a new post on my blog I have noticed another terrible thing… I only get a blank page with a WordPress copyright footer if I try to access “/wp-admin/post-new.php”. I searched the web to get some information about this problem and I found some more bloggers who also have this problem. It seems to be a very new problem because all of them had this injection within the last two days and all of them use the latest WordPress version.

    You can see the blog-posts about this problem here:
    http://www.caracasa.de/2010/03/28/ich-wurde-gehackt-2/
    http://www.biggle.de/blog/merkwuerdige-wp-vars-php-im-footer/

    Has somebody already noticed this problem, too?

    Many Greetings from Germany

    Benny
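
A read-only check for the two indicators described in the post above, as an added example that is not part of the original post or of WordPress itself: it looks for the two reported file names in `/wp-includes/` and for theme templates that include a file from that directory. The sample tree, the theme name and the injected `include` line are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# File names the post reports finding in /wp-includes/.
REPORTED_FILES = ("wp-vars.php", "wp-version.php")

# include/require whose argument is a literal path into wp-includes.
# Paths assembled from constants or variables are not caught by this pattern.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*wp-includes/([\w.-]+\.php)", re.I)

def scan_site(root):
    """Return (kind, location, file name) findings for a WordPress tree."""
    root = Path(root)
    findings = []
    for name in REPORTED_FILES:
        if (root / "wp-includes" / name).is_file():
            findings.append(("reported-file", f"wp-includes/{name}", name))
    themes = root / "wp-content" / "themes"
    for tpl in sorted(themes.rglob("*.php")):
        rel = tpl.relative_to(root).as_posix()
        lines = tpl.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            match = INCLUDE_RE.search(line)
            if match:
                findings.append(("theme-include", f"{rel}:{lineno}", match.group(1)))
    return findings

def build_sample_tree(root):
    """Constructed sample: one clean template, one with an injected include."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (root / "wp-includes").mkdir()
    (root / "wp-includes" / "wp-vars.php").write_text("<?php /* placeholder */ ?>\n")
    (theme / "header.php").write_text("<?php wp_head(); ?>\n")
    (theme / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        "<?php include(ABSPATH . 'wp-includes/wp-vars.php'); ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in scan_site(tmp):
            print(*finding, sep="\t")
```

Pointing `scan_site()` at a real installation root only reads files; any finding still needs manual review before a file is deleted.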
