WordPress Hacked: Time to Collect Stones
On duty, I own several fairly popular sites on the WordPress engine. And recently, faced with a massive and very sophisticated hacking WordPress. Unfortunately, I have not yet found exactly which holes / bugs are used for hacking and which versions are susceptible to hacking (it is believed that the latest version of WP is also vulnerable). But I can tell you that you can check to sleep well:
- check the table wp_options active_plugins attribute for the presence of tricky files, such as ../../../../tmp/XODHG/ ... Which are mystically put into tmpfiles and are written into plugins
- check the table wp_options, for the presence of pieces of code in the attributes MagpieRSS. I don’t understand how WP manages to execute them, but it’s a fact :)
- current WP theme, source files, they are appended with an eval type code (base64_decode (“aWYoJF9HRVRb ...
- A database (wp_posts) for the presence of the thedrakegroup.org string, because it writes the type strings to posts
Good luck to everyone in the fight against this burglary!
- check the table wp_options active_plugins attribute for the presence of tricky files, such as ../../../../tmp/XODHG/ ... Which are mystically put into tmpfiles and are written into plugins
- check the table wp_options, for the presence of pieces of code in the attributes MagpieRSS. I don’t understand how WP manages to execute them, but it’s a fact :)
- current WP theme, source files, they are appended with an eval type code (base64_decode (“aWYoJF9HRVRb ...
- A database (wp_posts) for the presence of the thedrakegroup.org string, because it writes the type strings to posts
Good luck to everyone in the fight against this burglary!
')
Source: https://habr.com/ru/post/27550/
All Articles