idoenk's Replies | WordPress.org

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)

Forum: Plugins
In reply to: [Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin] malicious files uploaded
idoenk
(@idoenk)

7 years, 10 months ago
I think coz it ring a bell to other, that we facing the same issue., Why dont redacted name replaced with lil bit obfuscated but still pointing to something like [redacted]
- This reply was modified 7 years, 10 months ago by Steven Stern (sterndata).
- This reply was modified 7 years, 10 months ago by Steven Stern (sterndata).
Forum: Plugins
In reply to: [Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin] malicious files uploaded
idoenk
(@idoenk)

7 years, 10 months ago
One of prevention that might avoid this attack successfully infect all of your (index) files is to add .htaccess in /uploads and prevent non-asset files for being executed.

From what I remember, target wp files to infect were:
/index.php
/wp-admin/index.php
/wp-content/index.php
/wp-content/plugins/index.php
/wp-content/themes/index.php
/wp-content/themes/<themedir>/index.php
/wp-content/themes/<themedir>/header.php

Notice chmod files also modified to 777, turn it back to 644.

Infected host will somehow include & load external asset files, and might redirect to lalaulala..

I’ve experience this too, not sure how hotfix should be made, but uploaded payload suppose not to be effective to modify other files.

https://stackoverflow.com/questions/8414840/prevent-upload-php-script-to-be-executed/8415600
- This reply was modified 7 years, 10 months ago by idoenk.
- This reply was modified 7 years, 10 months ago by idoenk.
- This reply was modified 7 years, 10 months ago by Steven Stern (sterndata).

Viewing 2 replies - 1 through 2 (of 2 total)