Support » Fixing WordPress » Security exploit of some sort??

  • cewyattjr

    (@cewyattjr)


    We upgraded to 2.8.4 last week. I’m not sure this is related to WordPress per se, but this AM we noticed several files in our install were compromised last evening. Below is an example of the kind of call that appeared at the very top of several files including wp_config.php wp_settings.php as well as a number of files under ./wp-includes

    <?php eval(base64_decode(‘long long string of ascii text here…’)); ?>

    Not sure yet if this is because of a given plugin, or is an FTP exploit, or what. It appeared on two of our hosted blog sites.

    The PHP error message which appeared from making an HTTP request was this:

    Fatal error: Cannot redeclare gjne() (previously declared in /home/deansblo/public_html/index.php(1) : eval()’d code:1) in /home/deansblo/public_html/wp-config.php(1) : eval()’d code on line 1

    So my sense is that the exploit may have failed (other than bringing our site down!).

    Thanks for any thoughts/wisdom on this!

    Chuck

Viewing 2 replies - 1 through 2 (of 2 total)
  • yup….you’ve been hacked too! So much fun.

    There have been a bunch of posts oh here recently related to code that looks exactly like what you just posted. Go ahead and search a bit for hacked or base64 and you should come up with all the info you need to pick up the pieces… you’ve gotta get this stuff cleaned up asap…

    Good Luck!

    here’s alink that links to the info you’ll need

    http://wordpress.org/support/topic/320507?replies=14

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security exploit of some sort??’ is closed to new replies.