[wp-forums] Any comments?
Mika Epstein
ipstenu at ipstenu.org
Tue Feb 19 14:44:23 UTC 2013
Seconding Gary here. Pharma can, and does, do just that.
WP doesn't store that data, though you can in the WP-config
On Feb 19, 2013, at 6:00 AM, Gary Gale <gary at vicchi.org> wrote:
> Just jumping in here ... this looks similar to the "Pharma Hack" - see http://www.mcritch.com/content/cleaning_wordpress_pharma_hack ... it may not be identical but it looks similar; custom injections into wp_options, entries called ftp_credentials ... seems worth a further look by the OP?
>
> -Gary
>
> --
> gary at vicchi.org | twitter.com/vicchi | www.linkedin.com/in/garygale | www.garygale.com
>
> On 19 Feb 2013, at 13:50, esmi at quirm dot net wrote:
>
>> <http://wordpress.org/support/topic/malware-in-db-how-to-identify>
>>
>> tl;dr: Clueful OP has been hacked, carried out full cleanup, hack immediately re-appeared in root.htaccess and theme header.php. In-depth check of db revealed FTP details stored in a serialized array in the wp_options.
>>
>> Question: Other than a plugin, is there any known scenario that would result in FTP details being stored like this?
>>
>> Mel
>> --
>> http://quirm.net
>> http://blackwidows.co.uk
>> _______________________________________________
>> wp-forums mailing list
>> wp-forums at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-forums
>
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
More information about the wp-forums
mailing list