A Quick Way To Check For Hacked WordPress Files

In the wee morning hours another malicious piece of code found its way into several of my websites’ index.php files. This comes after being hacked once before due to a vulnerability in the PHPMyAdmin WordPress plugin.

As luck would have it, most of these injected iframe hacks tend to cause errors when displayed in the browser, and I usually check my sites at least once a day, either manually or through automated processes. So when I went to visit one of the sites that had been hacked, I got a malware alert (I use Chrome). Of course I investigated the issue and found some base64-encoded PHP in my root index.php file:

eval(base64_decode('ZXJyb3JfcmVwb3……..));

This is just a sample of what was in the file. I ran the code through a base64 decoder, and basically the code was an iframe to a malicious site, which is why I got the malware alert.
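The same indicator can be checked across a whole WordPress directory instead of one file at a time. The scanner below is an added example, not code from the original post: it finds eval(base64_decode(...)) calls in .php files, decodes each payload for inspection without executing it, and flags iframes. The function names, the sample site and the host name are constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Matches eval(base64_decode('...')) with optional whitespace; group 1 is the payload.
PATTERN = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)",
    re.IGNORECASE)

def scan_file(path):
    """Report each match in one file; payloads are decoded for inspection, never executed."""
    data = Path(path).read_bytes()
    findings = []
    for m in PATTERN.finditer(data):
        try:
            decoded = base64.b64decode(m.group(1))
        except (binascii.Error, ValueError):
            decoded = b""  # malformed payload: still report the match
        findings.append({
            "file": str(path),
            "line": data.count(b"\n", 0, m.start()) + 1,
            "iframe": b"<iframe" in decoded.lower(),
            "preview": decoded[:60].decode("utf-8", "replace"),
        })
    return findings

def scan_tree(root):
    """Scan every .php file under root."""
    return [f for p in sorted(Path(root).rglob("*.php")) for f in scan_file(p)]

def demo():
    """Build a constructed sample site in a temp directory and scan it."""
    # Constructed payload; the host name is a placeholder, not taken from the incident.
    php = b"error_reporting(0); echo '<iframe src=\"http://malicious.example/\"></iframe>';"
    payload = base64.b64encode(php).decode()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text(
            "<?php\neval(base64_decode('" + payload + "'));\nrequire 'wp-blog-header.php';\n")
        (root / "wp-content").mkdir()
        (root / "wp-content" / "clean.php").write_text("<?php echo 'hello';\n")
        return scan_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

To check a real site, call scan_tree() with the path to the WordPress root; a hit in a core file such as index.php is worth comparing against a clean copy of the same WordPress release.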

Hacked By Vulnerability In PhpMyAdmin WordPress Plugin

I consider myself to be very knowledgeable when it comes to security. I have worked in the security field for about 10 years, but being hacked happens to the best of us.

My ordeal started early last week when I got awakened out of my sleep to the sound of my phone texting me that my server was running out of memory. I usually get a text about 3 or 4 times a day, but usually it means that the server’s traffic is spiking. But that night it went off about 45 times, so I knew something was up.
