[wp-hackers] Fwd: [Webmaster Central Help] Site hacked.
malaiac at gmail.com
Fri Nov 27 09:14:37 UTC 2009
it seems this is an exploit from older versions of WP.
One of my sites had been hacked with it. Upgrading to 2.8.6 and
overwriting the wp-settings.php file did the job.
---------- Forwarded message ----------
From: Google Help <noreply at google.com>
Subject: Re: [Webmaster Central Help] Site hacked. Search results
says: "Buy Cheap Viagra Online - Are You Looking For The Cheapest
To: malaiac at gmail.com
DerickSchaefer has posted an answer to the question "Site hacked.
Search results says: "Buy Cheap Viagra Online - Are You Looking For
The Cheapest Viagra ..."":
ingenuityworks, JRod and I found the code in side of WP-SETTINGS.PHP
the guidance provided by redleg. Basically, we went into a UNIX shell
and did a find command on all .PHP files that had the phrase
'base64_decode' in it. Three files surfaced and the obvious one was
the one that had the huge ugly string of funny characters in it. In
our case this was WP-SETTINGS.PHP. This could differ in your case.
Two solutions that you can't hurt yourself in trying. One, replace
wp-settings.php or simply upgrade WordPress to the next version.
If you want to search your files and find exactly where this is, go to
a UNIX shell and use the "cd" command to get where your wordpress
files are. For example, cd www <return> and then run a GREP command
like grep "base64_decode" *.php and it will tell you what it sees.
Great thread here guys and thanks to all who helped as this was a
nasty little virus to snoop out and get rid of.
View this question at the Google Help Forum
Unsubscribe from answers to this question
More information about the wp-hackers