Hacked by theme-editor.php POST Injection?

  • samburgers
    Member

    @samburgers

    Hi there,

    Just this morning, I have noticed that my blog was running quite slowly. Not the admin pages, but just the pages that are public.

    I took a look at the HTML of the page, and to my surprise, it was around 500KBs long! The culprit? At the end of my page, there were thousands of lines of HTML code injected, with “display:none” specified (so as to only appear to text readers… aka search engines).

    I went to the root folders of the site in question, and it seems that the blog had been hacked (with physical files added to their folders).

    So I deleted the HTML from my footer.php.

    This evening, I encountered the same thing, pages loading slowly, and not surprisingly, there was the same thing (although now, the links are different).

    Screenshot of a portion of the footer: http://i15.photobucket.com/albums/a397/samburgers/injection1.gif

    Then going to my FTP, I found the modification date to the footer.php file, which was Mar. 27 10:07pm

    Screenshot: http://i15.photobucket.com/albums/a397/samburgers/injection2.gif

    Thirdly, viewing my raw visit log from my host’s cPanel, I see that the person was able to inject code into my themes using POST injection methods?!

    Screenshot: http://i15.photobucket.com/albums/a397/samburgers/injection3.gif

    There are no other files that have been modified, and the IP range has now been banned from my site... but this worries me…

    Is this something WordPress should look into to fix?
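The log check described in the post above (POST requests to theme-editor.php lined up against the modification time of footer.php) can be scripted. The following is an added example, not part of the original thread; it assumes the host writes Apache "combined" format logs, and the sample lines, IP addresses and year are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/cPanel "combined" log format (assumed; adjust if the host logs differently).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
EDITOR = "/wp-admin/theme-editor.php"

def editor_posts(lines):
    """Return {ip: [(timestamp, status), ...]} for POSTs to the theme editor."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string so ?file=... variants are still matched.
        if m["path"].split("?", 1)[0].endswith(EDITOR):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ip"]].append((ts, int(m["status"])))
    return dict(hits)

def near_mtime(hits, mtime, window=timedelta(minutes=5)):
    """IPs whose editor POSTs fall within `window` of a file's modification time."""
    return sorted(ip for ip, events in hits.items()
                  if any(abs(ts - mtime) <= window for ts, _ in events))

# Constructed sample log lines (not taken from the poster's screenshots).
SAMPLE = [
    '203.0.113.45 - - [27/Mar/2008:22:06:58 +0000] "GET /wp-admin/theme-editor.php?file=footer.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [27/Mar/2008:22:07:03 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2008:09:15:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Mar/2008:14:02:11 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = editor_posts(SAMPLE)
    # Modification time of footer.php as shown by FTP; timezone is an assumption.
    footer_mtime = datetime(2008, 3, 27, 22, 7, tzinfo=timezone.utc)
    for ip in near_mtime(hits, footer_mtime):
        print(ip, [(ts.isoformat(), status) for ts, status in hits[ip]])
```

FTP clients and server logs often display times in different timezones, so widen `window` or convert the file time before concluding that no request matches.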

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Hacked by theme-editor.php POST Injection?’ is closed to new replies.