We upgraded to 2.8.4 last week. I’m not sure this is related to WordPress per se, but this AM we noticed several files in our install were compromised last evening. Below is an example of the kind of call that appeared at the very top of several files, including wp_config.php and wp_settings.php, as well as a number of files under ./wp-includes:
<?php eval(base64_decode('long long string of ascii text here…')); ?>
Not sure yet if this is because of a given plugin, or is an FTP exploit, or what. It appeared on two of our hosted blog sites.
The PHP error message which appeared from making an HTTP request was this:
Fatal error: Cannot redeclare gjne() (previously declared in /home/deansblo/public_html/index.php(1) : eval()'d code:1) in /home/deansblo/public_html/wp-config.php(1) : eval()'d code on line 1
So my sense is that the exploit may have failed (other than bringing our site down!).
Thanks for any thoughts/wisdom on this!
- The topic ‘Security exploit of some sort??’ is closed to new replies.
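One way to find every file carrying the kind of call described in the post above is to scan the install for an eval(base64_decode( at the top of each .php file and note its modification time. This is an added example, not part of the original post; the function names, the 4096-byte window and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Matches <?php eval(base64_decode( at the start of a PHP block, also when wrapped in
# other calls such as gzinflate(); case-insensitive because PHP function names are.
INJECT_RE = re.compile(
    rb"<\?php\s*(?:@\s*)?eval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(", re.I)
HEAD_BYTES = 4096  # assumption: the injected call sits at the very top of the file

def scan_file(path):
    """Return the byte offset of an injected call near the top of path, else None."""
    with open(path, "rb") as fh:
        head = fh.read(HEAD_BYTES)
    m = INJECT_RE.search(head)
    return m.start() if m else None

def scan_tree(root):
    """Return sorted (relative path, offset, mtime) for each flagged .php file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            try:
                off = scan_file(full)
            except OSError:
                continue  # unreadable file: skip it
            if off is not None:
                hits.append((os.path.relpath(full, root), off, os.path.getmtime(full)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample install: two injected files and one clean file."""
    os.makedirs(os.path.join(root, "wp-includes"))
    injected = b"<?php eval(base64_decode('ZWNobyAxOw==')); ?><?php\n// original file\n"
    clean = b"<?php\n// base64_decode() is mentioned in a comment only\necho 'ok';\n"
    for rel, data in (("wp-config.php", injected),
                      ("wp-includes/version.php", injected),
                      ("wp-includes/clean.php", clean)):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, off, mtime in scan_tree(tmp):
            print(f"{rel}: eval(base64_decode( at byte {off}, mtime {mtime:.0f}")
```

Modification times that cluster around the same moment across flagged files help date the compromise and can be compared against FTP and web server logs.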