[wp-forums] Any comments?

bc works bcworks at gmail.com
Thu Feb 21 18:59:24 UTC 2013


I can't provide a specific example, but this brings up a related issue I'd
very much like to understand better.

We know some hacks store info in the DB, much as the pharma hack does, or
the referenced OP's. What I'd like to know is how does the hacker exploit
this info if all other PHP code is completely cleaned or restored, and all
access credentials (FTP, cPanel, WP Admin, etc.) are changed to strong
passwords?

The only scenario I can imagine is some small bootstrap code that is easily
overlooked is run to extract the DB info and enable reinitialization of the
full hack. Without some such code or access credentials, I cannot see how
storing info in the DB benefits the hacker. How is this info accessed? What
am I missing in how these DB hacks work?
-bc (Glenn)
----------------------------------------------------------
esmi at quirm dot net wrote:

tl;dr: Clueful OP has been hacked, carried out full cleanup, hack
immediately re-appeared in root .htaccess and theme header.php. In-depth
check of db revealed FTP details stored in a serialized array in the
wp_options.

Question: Other than a plugin, is there any known scenario that would
result in FTP details being stored like this?

Mel
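
The kind of database check described in the tl;dr above, sketched for offline triage of an exported wp_options table. This is an added example, not part of either message; the function names, the key-name heuristic and the sample rows are assumptions constructed for illustration.

```python
import re
SUSPECT_KEYS = re.compile(r"ftp|pass|pwd|hostname|username|login", re.I)  # assumed heuristic

def php_unserialize(data, pos=0):
    """Parse one PHP serialize() value in bytes `data`; return (value, next_pos)."""
    kind = data[pos:pos + 1]
    if kind == b"N":                                  # N;
        return None, pos + 2
    if kind in (b"i", b"b", b"d"):                    # i:5;  b:1;  d:0.5;
        end = data.index(b";", pos)
        raw = data[pos + 2:end].decode()
        return (float(raw) if kind == b"d" else int(raw)), end + 1
    if kind in (b"s", b"a"):
        colon = data.index(b":", pos + 2)
        size, pos = int(data[pos + 2:colon]), colon + 2
        if kind == b"s":                              # s:<byte length>:"...";
            return data[pos:pos + size].decode("utf-8", "replace"), pos + size + 2
        out = {}                                      # a:<count>:{key value ...}
        for _ in range(size):
            key, pos = php_unserialize(data, pos)
            out[key], pos = php_unserialize(data, pos)
        return out, pos + 1
    raise ValueError(f"unsupported type {kind!r} at offset {pos}")

def walk(value, path=""):
    """Yield the path of every nested array key that matches SUSPECT_KEYS."""
    if isinstance(value, dict):
        for key, item in value.items():
            here = f"{path}[{key}]"
            if isinstance(key, str) and SUSPECT_KEYS.search(key):
                yield here
            yield from walk(item, here)

def scan_options(rows):
    """rows: (option_name, option_value) pairs. Return [(option_name, finding)]."""
    findings = []
    for name, value in rows:
        if value.startswith("a:"):
            try:
                parsed, _ = php_unserialize(value.encode())
                findings += [(name, path) for path in walk(parsed)]
            except (ValueError, TypeError):  # objects, truncated or malformed data
                findings.append((name, "unparseable serialized data"))
    return findings

SAMPLE_ROWS = [  # constructed wp_options rows; all values are placeholders
    ("active_plugins", 'a:1:{i:0;s:19:"akismet/akismet.php";}'),
    ("example_cache", 'a:1:{s:4:"conn";a:2:{s:8:"hostname";s:15:"ftp.example.org";'
                      's:8:"password";s:8:"REDACTED";}}'),
]
```

Rows reported as unparseable (serialized objects, truncated values) are worth reading by hand rather than skipping.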

