markuzzi
Forum Replies Created
One of the changes I observed is that the wp-settings.php mode changed from 644 to 755.
Also, regarding the pluggable.php, did it change to include something about a wpsdt4_license_key?
No, I have none of these plugins installed. I thought it might be wp-courseware.
Do you have a file like wp-includes/blocks/pullquote/.9c53ce5f.ccss? This contains lots of binary code that was included in wp-config.php. This is what I will investigate next.
I am not using Wordfence at all. My provider found the “virus” in a routine scan. I am still looking for the cause and did not yet redeploy anything.
Hi, I am experiencing the same issue… and took my sites from the web meanwhile. From de-obfuscating a few files, I can tell that the attackers can include and run (include()) files that are uploaded somewhere in a web form. Further, they can execute arbitrary code (eval()) that is contained in a form’s post or in cookies divided by a hashtag ‘#’.
If you have those users in your system, look for suspicious PHP files, e.g. in your WordPress root directory. Names look like ha2q4l7f.php. Further, files like wp-config.php might include additional files with very suspicious paths deep inside your WordPress directory tree. Good luck!
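The indicators named in the posts above (random-named PHP files in the root, a hidden hex-named file under wp-includes, a wp-config.php that includes it, eval() on request data, a core file that became executable) can be combined into a quick triage scan. This is an added example, not part of the original posts: the patterns generalise from the single names quoted there and are assumptions, as are the names `scan` and `build_sample` and the constructed sample tree.

```python
import os, re, stat

# Heuristics generalised from the names quoted in the posts (assumptions, not signatures)
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}\.php$")   # like ha2q4l7f.php
HIDDEN_BLOB = re.compile(r"^\.[0-9a-f]{8}\.\w+$")         # like .9c53ce5f.ccss
EVAL_INPUT = re.compile(rb"eval\s*\([^;]{0,200}\$_(?:POST|COOKIE|REQUEST)")
# First string literal inside an include/require statement
INCLUDE = re.compile(rb"\b(?:include|require)(?:_once)?\b[^;'\"]*['\"]([^'\"]+)['\"]")

def scan(root):
    """Return sorted (relative_path, reason) pairs worth a manual look."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if dirpath == root and RANDOM_NAME.match(name):
                hits.append((rel, "random-named PHP file in root"))
            if HIDDEN_BLOB.match(name):
                hits.append((rel, "hidden hex-named file"))
            if not name.endswith(".php"):
                continue
            if stat.S_IMODE(os.stat(path).st_mode) & 0o111:
                hits.append((rel, "executable bit set"))  # e.g. 644 changed to 755
            with open(path, "rb") as fh:
                data = fh.read()
            if EVAL_INPUT.search(data):
                hits.append((rel, "eval() on request data"))
            if name == "wp-config.php":
                for lit in INCLUDE.findall(data):
                    if not lit.endswith(b".php"):
                        hits.append((rel, "includes non-PHP path " + lit.decode("utf-8", "replace")))
    return sorted(hits)

# Constructed sample tree: inert placeholder contents that only mimic the indicators
SAMPLE = {
    "wp-settings.php": (0o755, "<?php // core bootstrap"),
    "wp-config.php": (0o644, "<?php include('wp-includes/blocks/pullquote/.9c53ce5f.ccss');\n"
                             "require_once ABSPATH . 'wp-settings.php';"),
    "ha2q4l7f.php": (0o644, "<?php // constructed marker: eval(<decoded> $_COOKIE[...])"),
    "wp-includes/blocks/pullquote/.9c53ce5f.ccss": (0o644, "constructed blob"),
}

def build_sample(root):
    for rel, (mode, body) in SAMPLE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
```

Call `scan()` on a copy of the WordPress root; each hit is a lead for manual review, and obfuscated code that hides `eval` or builds include paths at run time will not match these patterns, so comparing core files against a clean download of the same release remains the stronger check.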
and in easy-wp-smtp.php
    $emails = explode(",", $this->opts['bcc_email']);
    foreach ($emails as $key => $email) {
        $phpmailer->AddBcc( $email );
    }
and
    $mail->AddBcc( $email );
for test_mail. Sorry for dripping code…
Update for multiple emails:
    if ( isset( $_POST['swpsmtp_bcc_email'] ) ) {
        $emails = explode(",", $_POST['swpsmtp_bcc_email']);
        foreach ($emails as $key => $email) {
            $emails[$key] = sanitize_email( $email );
        }
        $swpsmtp_options['bcc_email'] = join(",", $emails);
    }
and
    <input id="swpsmtp_bcc_email" type="text" name="swpsmtp_bcc_email" ...
Thanks