5 Replies - 4739 Views - Last Post: 16 March 2012 - 04:04 PM

Poll: Have you had it a hack to wordpress (4 member(s) have cast votes)

Have you had this same problem before

  1. Yes (1 votes [25.00%] - View)

    Percentage of vote: 25.00%

  2. No (3 votes [75.00%] - View)

    Percentage of vote: 75.00%

Vote Guests cannot vote

#1 nerd323  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 13
  • Joined: 27-March 11

PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 15 March 2012 - 03:01 AM

I own a site ***MOD EDIT: REMOVED LINK*** and I was informed that my site had corrupt or malicious files on it. I had a search and found that in the index.php file someone hacked it and put in that eval(base64_decode('')) which translated to a code stopping spiders nd crawlers from accessing my site. It also had a php comment saying "//Silence is golden". I am now fixing it, but it the most annoying thing I have ever found. There have also been other people who have got this exact same thing. Annoying right?

This post has been edited by JackOfAllTrades: 15 March 2012 - 03:28 AM


Is This A Good Question/Topic? 0
  • +

Replies To: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

#2 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6066
  • View blog
  • Posts: 23,526
  • Joined: 23-August 08

Re: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 15 March 2012 - 03:26 AM

Moved to Corner Cubicle.

Do NOT put links to malicious sites, even your own hacked site!
Was This Post Helpful? 0
  • +
  • -

#3 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2998
  • View blog
  • Posts: 10,380
  • Joined: 08-August 08

Re: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 15 March 2012 - 07:04 AM

Let me guess: You don't use prepared statements in your MySQL queries. I'll bet you do stuff like this too:
$name = $_POST['name'];
...
$query = "SELECT * FROM yourtable WHERE username=$name";


Now go read up on prepared statements and NEVER again allow user input into a query.
Was This Post Helpful? 0
  • +
  • -

#4 nerd323  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 13
  • Joined: 27-March 11

Re: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 16 March 2012 - 02:03 AM

I was using wordpress.
The site is good now.
Was This Post Helpful? 0
  • +
  • -

#5 RudiVisser  Icon User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1003
  • View blog
  • Posts: 3,562
  • Joined: 05-June 09

Re: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 16 March 2012 - 04:40 AM

ASP.NET Blogs never have this issue
Was This Post Helpful? 0
  • +
  • -

#6 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,990
  • Joined: 08-June 10

Re: PROBLEM - Wordpress site hacked - eval(base64_decode(''))

Posted 16 March 2012 - 04:04 PM

View PostRudiVisser, on 16 March 2012 - 11:40 AM, said:

ASP.NET Blogs never have this issue

Perhaps not this exact issue, seeing as it is a PHP specific exploit, but ASP.NET servers are by no means immune to code injection exploits. If an attacker gains access to the file-system - like he would have had to in order to inject this into the OP's index.php page - then he could just as well swap out or edit the byte-code files for the ASP.NET website, effectively doing the same thing that happened to this PHP site.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1