Security exploit of some sort?? | WordPress.org

cewyattjr
(@cewyattjr)

14 years, 6 months ago

We upgraded to 2.8.4 last week. I’m not sure this is related to WordPress per se, but this AM we noticed several files in our install were compromised last evening. Below is an example of the kind of call that appeared at the very top of several files including wp_config.php wp_settings.php as well as a number of files under ./wp-includes

<?php eval(base64_decode(‘long long string of ascii text here…’)); ?>

Not sure yet if this is because of a given plugin, or is an FTP exploit, or what. It appeared on two of our hosted blog sites.

The PHP error message which appeared from making an HTTP request was this:

Fatal error: Cannot redeclare gjne() (previously declared in /home/deansblo/public_html/index.php(1) : eval()’d code:1) in /home/deansblo/public_html/wp-config.php(1) : eval()’d code on line 1

So my sense is that the exploit may have failed (other than bringing our site down!).

Thanks for any thoughts/wisdom on this!

Chuck

Viewing 2 replies - 1 through 2 (of 2 total)

Rev. Voodoo
(@rvoodoo)

14 years, 6 months ago

yup….you’ve been hacked too! So much fun.

There have been a bunch of posts oh here recently related to code that looks exactly like what you just posted. Go ahead and search a bit for hacked or base64 and you should come up with all the info you need to pick up the pieces… you’ve gotta get this stuff cleaned up asap…

Good Luck!

Rev. Voodoo
(@rvoodoo)

14 years, 6 months ago

here’s alink that links to the info you’ll need

http://wordpress.org/support/topic/320507?replies=14

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security exploit of some sort??’ is closed to new replies.

In: Fixing WordPress
2 replies
2 participants
Last reply from: Rev. Voodoo
Last activity: 14 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics