eval base64 on WordPress or other Sites WordPress and other CMS powered sites are often targets for hackers who mass-inject some code into php and or html files. What to look for The cases I came across so far showed a hack just before the closing body tag in form of a short script pointing to an external source. Also, in some cases I found some php file in the uploads folder (in WP the uploads folder should not contain any php files). Once the script executed, a long string starting something like this: is placed on php and/or htm/html files. This eval base64 encoded and injected PHP code will hit all php archives. How to get rid of the hack without destroying your site To start with: change your passwords (FTP and Admin). Make sure your site script WP and Plugins are updated. Check your footer.php (theme folder) and delete eventually the script added by the hack (or just load your backed up footer.php and replace the file). Check your uploads folder for php files and delete them. Check your plugins folder for unusual php files and as the case may be delete them. If you are not familiar [...]
Related posts:
How to get rid of eval base64_decode Hack
WordPress eval base64_decode Hack
Upgrade your WordPress in 5 seconds
Ycademy Easter Contest 2
Facebook Profile Picture Hack
Original Article at How to get rid of eval base64_decode Hack.How to get rid of eval base64_decode Hack — WordPress tutorial. Subsequent to our previous post here is a step by step solution for people who don’t have the time or the means to thoroughly track and eliminate all instances of the hack. We will use this method on the YORGOO Press websites. Which parts of your WordPress are touched by the Hack? Basically the DataBase as well as some files on your server: mainly the index.php or html pages plus the hack adds new pages containing namely iframe injections. The files can be found anywhere from the root folder to wp-admin, wp-includes to wp-content. Also, additional sub-domains or subfolders may be attacked. We experienced that comments may be subject to justified suspicion as well. Step by Step Troubleshooting of How to get rid of eval (base64_decode Hack Clean the database First, we will optimize the database tables and empty the comments and comments meta tables. This is to get rid of comment related problems. From a content point of view this is the main sacrifice we will make. This step is optional and you could well give it a first shot preserving the comments. Export your WordPress content from the [...]
Copyright © Yorgo Nestoridis - Original Article at How to get rid of eval base64_decode Hack.
Related posts:WordPress eval base64_decode Hack
How to Move your WordPress Blog
Install XO 2011 on Ycademy Sandbox
Upgrade your WordPress in 5 seconds
How to Install YORGOO Booster
Original Article at WordPress eval base64_decode Hack.Troubleshoot eval(base64_decode This post describes the impact of eval(base64_decode on Zo Nicholas’ WordPress based Author blog. 1. The Symptoms The first symptoms noticed were a change of the layout of the site: the site was not anymore browser centered but hanging on the left edge of the scree. Checking out the site from server side, we notice that all index.php files show a modified first line starting like so: then follows a long, long string of encrypted code. Also we find unusual php files which have been added on server side. Surprisingly all added content does not trigger a change of the date of the file (last modified). 2. The analysis 2.1 First we went to decode the above hack: Decoding can be easily done from TOASTEDspam. 2.2 We run an exploit scan on the site To scan the site we use the Exploit Scan Plug-in and get: 79 severe level matches: Further 39 Warnings were detected. Besides, the scan came forth with 520 noteworthy matches. 3. Troubleshooting eval (base64_decode While the Exploit scan indicates where the hack may have impacted, the result may not be complete. As you can see from the above, manual troubleshooting can easily mess [...]
Copyright © Yorgo Nestoridis - Original Article at WordPress eval base64_decode Hack.
Related posts:NewsCast Data Base Maintenance
WordPress 2.9 update on Semiomantics
BuddyPress Yorgoo Media
Facebook Profile Picture Hack
YORGOO Press Important Update
April 26, 2012
0