Watch out for a new server infection. No one is sure but it is thought it begins with brute force guessing of a wordpress login.
Then every php file is prepended with:
...
This apparently inserts a malicious snippet of java into your wordpress pages - that you do not see but which infects the user's computer.
At the same time, blank users are created for wp-admin with "administrator" privileges.
Since every #$*! .php file on your host is infected with this, you either have to restore from a clean backup or run a script that opens every .php file and replaces the malicious code.
Then you need to go in and remove the blank users from wp-admin.
If anyone has any more information on this and guesses as to what the initial vulnerability is, please reply.
If you need a script to do this, msg me.
© 2024 Created by Daniel Leuck. Powered by
You need to be a member of TechHui to add comments!
Join TechHui