[wp-forums] Any comments?
Gary Gale
gary at vicchi.org
Tue Feb 19 14:00:19 UTC 2013
Just jumping in here ... this looks similar to the "Pharma Hack" - see http://www.mcritch.com/content/cleaning_wordpress_pharma_hack ... it may not be identical but it looks similar; custom injections into wp_options, entries called ftp_credentials ... seems worth a further look by the OP?
-Gary
--
gary at vicchi.org | twitter.com/vicchi | www.linkedin.com/in/garygale | www.garygale.com
On 19 Feb 2013, at 13:50, esmi at quirm dot net wrote:
> <http://wordpress.org/support/topic/malware-in-db-how-to-identify>
>
> tl;dr: Clueful OP has been hacked, carried out full cleanup, hack immediately re-appeared in root.htaccess and theme header.php. In-depth check of db revealed FTP details stored in a serialized array in the wp_options.
>
> Question: Other than a plugin, is there any known scenario that would result in FTP details being stored like this?
>
> Mel
> --
> http://quirm.net
> http://blackwidows.co.uk
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
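
An added example for the check discussed in this thread, not code from either poster or from WordPress: it parses PHP-serialized `option_value` strings exported from `wp_options` and reports rows whose arrays contain credential-like keys. The key list, the function names and the sample rows are assumptions constructed for illustration.

```python
SUSPECT_KEYS = {"hostname", "username", "password", "connection_type"}  # assumed list; tune per site

def _parse(buf, pos=0):
    """Parse one PHP-serialized value from bytes; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag == b"N":
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):
        end = buf.index(b";", pos)
        raw = buf[pos + 2:end].decode()
        return (float(raw) if tag == b"d" else int(raw)), end + 1
    if tag in (b"s", b"a"):
        colon = buf.index(b":", pos + 2)
        size = int(buf[pos + 2:colon])
        pos = colon + 2                      # skip ':"' or ':{'
        if tag == b"s":                      # size is a byte count, not characters
            return buf[pos:pos + size].decode("utf-8", "replace"), pos + size + 2
        out = {}
        for _ in range(size):
            key, pos = _parse(buf, pos)
            out[key], pos = _parse(buf, pos)
        return out, pos + 1                  # skip '}'
    raise ValueError("unsupported tag %r at offset %d" % (tag, pos))

def _keys(value):                            # every array key, nested arrays included
    if isinstance(value, dict):
        for k, v in value.items():
            yield str(k).lower()
            yield from _keys(v)

def flag_options(rows):
    """Map option_name -> suspect keys found in its serialized array value."""
    hits = {}
    for name, value in rows:
        if not value.startswith("a:"):
            continue                         # only serialized arrays are of interest
        try:
            found = sorted(SUSPECT_KEYS.intersection(_keys(_parse(value.encode())[0])))
        except ValueError:
            found = ["<malformed serialized data>"]
        if found:
            hits[name] = found
    return hits

ROWS = [  # constructed sample rows: (option_name, option_value)
    ("blogname", "My Site"),
    ("active_plugins", 'a:1:{i:0;s:19:"akismet/akismet.php";}'),
    ("ftp_credentials", 'a:3:{s:8:"hostname";s:15:"ftp.example.org";s:8:"username";s:9:"siteadmin";s:8:"password";s:13:"not-a-real-pw";}'),
]
if __name__ == "__main__": print(flag_options(ROWS))
```

Rows reported as malformed deserve a manual look as well, since a truncated or hand-edited serialized value will not round-trip through PHP either.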