[wp-hackers] OT: Decoding injected scripts

John Blackbourn johnbillion+wp at gmail.com
Thu Aug 6 01:55:06 UTC 2009


In the last few days two of my clients' sites have been hacked or
somehow otherwise compromised and both have resulted in encoded
scripts being injected into pages on the sites.

Both the attacks were different. One has resulted in some encoded
Javascript wrapped in an eval() statement injected into HTML pages.
The other resulted in some very strange PHP being injected into a PHP
file which looks like it might be partially base encoded.

Does anyone have tips on how I might go about decoding these scripts
to see what they were attempting to do?

John.


More information about the wp-hackers mailing list