Christiaan Kras on Nostr: Ugh, had to deal with an infected #WordPress website. If a user logged in the ...
Ugh, had to deal with an infected #WordPress website. If a user logged in the infected website would send the credentials to some website so a hacker could gain easy access. Thought I had resolved it and the index.php would get overwritten as soon as I had changed it.
Anyway, use #wpcli and issue a `wp core verify-checksums` to help you finding infected files in the core installation. Stuff in wp-content usually has eval/base64_decode calls that are suspicious.
Published at
2023-09-20 14:55:11Event JSON
{
"id": "8b9d0ba1bebd5ef08900d855c5b124c07011c53dc037a273c020a0d189b90593",
"pubkey": "12cc57de9f3375445e69c9e493c75685675442e31d583ab9454a61bf6b8d7cbc",
"created_at": 1695221711,
"kind": 1,
"tags": [
[
"t",
"wordpress"
],
[
"t",
"wpcli"
],
[
"proxy",
"https://fosstodon.org/users/Htbaa/statuses/111098050056808995",
"activitypub"
]
],
"content": "Ugh, had to deal with an infected #WordPress website. If a user logged in the infected website would send the credentials to some website so a hacker could gain easy access. Thought I had resolved it and the index.php would get overwritten as soon as I had changed it.\n\nAnyway, use #wpcli and issue a `wp core verify-checksums` to help you finding infected files in the core installation. Stuff in wp-content usually has eval/base64_decode calls that are suspicious.",
"sig": "af31e77bf917c7f2d1b162e717f961d6e4453a94ab17c603eb5bab52752dd85ed1e62aa0712066f04bfb55906586529266cc173fd9e54e7f1c9c7c420f84e1e0"
}
