TechHui

Hawaiʻi's Technology Community

Watch out for a new server infection. No one is sure, but it is thought to begin with brute-force guessing of a WordPress login.

Then every PHP file is prepended with:

...

This apparently inserts a malicious snippet of java into your WordPress pages, one that you do not see but which infects the user's computer.

At the same time, blank users are created for wp-admin with "administrator" privileges.

Since every #$*! .php file on your host is infected with this, you either have to restore from a clean backup or run a script that opens every .php file and replaces the malicious code.

Then you need to go in and remove the blank users from wp-admin.

If anyone has any more information on this and guesses as to what the initial vulnerability is, please reply.


If you need a script to do this, msg me.
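The cleanup pass described above (open every .php file and remove the prepended code), as an added example that is not part of the original post and is not the author's script. `INJECTED_PREFIX` is a constructed placeholder, since the post elides the real snippet; the function names and the quarantine directory are likewise assumptions.

```python
import os
import shutil

# Constructed placeholder: the post elides the real snippet. Replace with the
# exact bytes found at the top of one of your infected files.
INJECTED_PREFIX = b"<?php /*PLACEHOLDER-INJECTED-BLOCK*/ ?>"

def find_infected(root, prefix=INJECTED_PREFIX):
    """Return sorted paths of .php files under root that start with prefix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if fh.read(len(prefix)) == prefix:
                    hits.append(path)
    return sorted(hits)

def clean_file(path, quarantine_dir, prefix=INJECTED_PREFIX):
    """Save the infected copy to quarantine_dir, then strip the prefix in place."""
    if not prefix:
        raise ValueError("prefix must not be empty")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(prefix):
        return False
    os.makedirs(quarantine_dir, exist_ok=True)
    # Keep the untouched infected file as evidence, under a flattened name.
    keep = os.path.join(quarantine_dir, path.strip(os.sep).replace(os.sep, "__") + ".infected")
    shutil.copy2(path, keep)
    while data.startswith(prefix):  # a re-infected file carries the block more than once
        data = data[len(prefix):]
    tmp = path + ".cleaning"
    with open(tmp, "wb") as fh:
        fh.write(data)
    shutil.copymode(path, tmp)  # preserve the original permission bits
    os.replace(tmp, path)  # atomic swap: a crash never leaves a half-written file
    return True

def clean_tree(root, quarantine_dir, prefix=INJECTED_PREFIX, dry_run=True):
    """Return the infected files; modify them only when dry_run is False."""
    infected = find_infected(root, prefix)
    if not dry_run:
        for path in infected:
            clean_file(path, quarantine_dir, prefix)
    return infected
```

Run it with `dry_run=True` first to review the list, and keep the quarantine directory outside the web root so the saved copies are never served.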

© 2019 Created by Daniel Leuck.