Malware or virus warnings – Exploit scanner – Help!!

  • I ran the “exploit scanner” plugin on my WordPress blog and it turned up 6 severe warnings on the following files (among others):

    wp-includes/gettext.php:310
    Often used to execute malicious code: eval("$string");
    wp-includes/classes.php:1508
    Often used to execute malicious code: eval("\$query = \"$query\";");
    wp-includes/js/tinymce/themes/advanced/jscripts/about.js:49
    Often used to execute malicious code: var fn = eval('tinyMCEPopup.windowOpener.TinyMCE_' + name + '_getInfo');
    wp-content/themes/productum/includes/js/jquery-1.3.1.min.js:12
    wp-content/themes/productum/includes/js/jquery-1.3.1.min.js:19
    Often used to execute malicious code: t;string"){if(H=="script"){o.globalEval(I)}…
    wp-content/themes/productum/includes/js/pngfix.js:14
    Often used to execute malicious code: eval(function(p,a,c,k,e,r){ ….

    Is this something to worry about? How will you proceed?

    Appreciated. Best regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Sorry to hear that.

    Investigate further by reading http://codex.wordpress.org/FAQ_My_site_was_hacked

    Actually, those are “false positives” using legitimate eval code.
    Many themes used will also show these.

    Moderator Jon Cave

    (@duck_)

    I agree with Samuel that they are most probably false positives. However, the first two matches:

    wp-includes/gettext.php:310
    Often used to execute malicious code: eval("$string");
    wp-includes/classes.php:1508
    Often used to execute malicious code: eval("\$query = \"$query\";");

    suggest that you are using a very old version of WordPress, since the last version of WordPress that contained that code in classes.php was 2.6 (released July 2008) and the file no longer exists in 3.1.

    If you are concerned about security (and even if you are not!) then I urge you to upgrade your WordPress install.
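
One way to settle whether hits like the ones in this thread are false positives, added here as an example and not taken from the thread or from the Exploit Scanner plugin: parse the report's `path:line` entries and compare each flagged file with a pristine copy of the same release. The function names, the verdict labels and the directory layout built in `demo()` are assumptions.

```python
import filecmp
import re
import tempfile
from pathlib import Path

HIT_RE = re.compile(r"^[ \t]*([\w./-]+):(\d+)[ \t]*$", re.M)
# Constructed sample: the paths are from the thread, the file contents are made up.
REPORT = ("wp-includes/gettext.php:310\nwp-includes/classes.php:1508\n"
          "wp-content/themes/productum/includes/js/pngfix.js:14\n")

def parse_hits(report):
    """Map each flagged path ("relative/path:LINE" in the report) to its lines."""
    hits = {}
    for m in HIT_RE.finditer(report):
        hits.setdefault(m.group(1), []).append(int(m.group(2)))
    return hits

def triage(report, site_root, clean_root):
    """Compare each flagged file with a pristine copy of the same release."""
    verdicts = {}
    for rel in parse_hits(report):
        p = Path(rel)
        if p.is_absolute() or ".." in p.parts:
            verdicts[rel] = "rejected"   # never follow a path out of the roots
        elif not (site_root / p).is_file():
            verdicts[rel] = "missing"    # reported, but no longer on disk
        elif not (clean_root / p).is_file():
            verdicts[rel] = "unknown"    # no pristine copy (e.g. a theme file)
        elif filecmp.cmp(site_root / p, clean_root / p, shallow=False):
            verdicts[rel] = "unchanged"  # the eval() is what upstream shipped
        else:
            verdicts[rel] = "modified"   # differs from upstream: read the diff
    return verdicts

def demo():
    """Build a throwaway site and pristine tree, then triage REPORT."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        for root in (site, clean):
            (root / "wp-includes").mkdir(parents=True)
            (root / "wp-includes/gettext.php").write_text('<?php eval("$string");')
            (root / "wp-includes/classes.php").write_text("<?php // stock")
        (site / "wp-includes/classes.php").write_text("<?php // edited on server")
        js = site / "wp-content/themes/productum/includes/js"
        js.mkdir(parents=True)
        (js / "pngfix.js").write_text("eval(function(p,a,c,k,e,r){})")
        return triage(REPORT, site, clean)

if __name__ == "__main__":
    print(demo())
```

An "unchanged" verdict only says the file matches the release it was compared with; a file marked "unknown" still has to be checked against the original download of the theme or library it came from.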
