benanne
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: WP adding code to the end of url links breaking themWere any of you running 2.8.4 when this happened? Because I upgraded to the latest version immediately after discovering this, hoping that that would prevent it from happening again…
Forum: Fixing WordPress
In reply to: eval(base64_decode(…)) in permalinksIf I were you, I would check my user list to see if there are any admins in there that shouldn’t be there…
Forum: Fixing WordPress
In reply to: WP adding code to the end of url links breaking themSomeone should probably do a proper writeup about this, because there seems to have been an outbreak overnight.
It is important that everyone realises that just restoring the permalink setting isn’t enough; the hidden admin user has to be removed as well!
( My blog was compromised too: http://wordpress.org/support/topic/307588 )
Forum: Fixing WordPress
In reply to: eval(base64_decode(…)) in permalinksThanks, that is indeed exactly the same problem as the one I had. Maybe the extra information about the rogue user with administrator rights is still interesting, though.
Forum: Fixing WordPress
In reply to: eval(base64_decode(…)) in permalinksI just set it back to the default setting. Technically, I did remove the appended stuff in the database manually before that, but I don’t think that had any effect.
At any rate it can’t hurt to search the “options” table for any reference to “eval” or “base64” and clean that up. It also appeared in a row in “options” called “rewrite_rules”, I think. But that disappeared once I changed the setting back.
As I said, I don’t know if this has caused any other damage. The changed permalink setting rather seems like it is put in place to make further hacks easier to apply, although I have no idea how.