[wp-hackers] Possible Exploit

Glenn Pegden glenn at pegden.com
Sun Jun 12 15:23:11 UTC 2011


On Sun, Jun 12, 2011 at 12:56 PM, Jon Cave <jon at lionsgoroar.co.uk> wrote:

> On Sun, Jun 12, 2011 at 12:45 PM, Baki Goxhaj <banago at gmail.com> wrote:
>
> Yes this is extremely dangerous. It's basically a backdoor to allow
> arbitrary PHP code execution on your server. You should remove that
> code immediately, change passwords, do a full cleanup, etc.
>

Do a full cleanup, be 100% confident you have no modified code left, not
just your WP install (if it's a shell account, look for trojaned binaries
too) THEN change your password. There is every chance that the compromise
has modified "change password" scripts/binaries too, to capture your new
password as well as your old one.

Glenn








-- 
Pegden.com IT Management Services
5 Reedsdale Avenue, Gildersome, Leeds, LS27 7JE.
Tel: 0113 815 3777
Business Website: http://www.pegden.com
Personal Website: http://glenn.pegden.com

