[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.
Mike Little
wordpress at zed1.com
Wed Dec 2 14:55:28 UTC 2009
2009/12/2 Malaiac <malaiac at gmail.com>
> Ok. The base64 statement was in ./wp-includes/locale.php, at the end
> of the file. The file seems a legit one to me, so I guess the lien was
> added by the exploit... ?
>
> I removed the lines, and I'm going to check it stays like that.
>
> FYI, the lines were :
>
> <?php
> $V210305394="VlE+KSk0..... SNIP
>
It won't fix the problem. That line was added by some other code running on
your sever. Next time it could be added to a different file, with a
different variable name and a different encoding scheme.
Did you do the download and compare?
You should also compare your themes and plugins against the originals too.
Mike
--
Mike Little
http://zed1.com/
More information about the wp-hackers
mailing list