This isn't related to ProcessWire, but just so the PW community is aware, today we discovered several malicious files on our server (WordPress environment). The code in the files ultimately allows for the same thing: remote code execution.

I'm guessing some security hole allowed an attacker to execute code via a plugin, which wrote a file to www.example.com/dump.php. This file contained the following code: http://pastebin.com/dsLZnbCW

After deciphering it slightly: http://pastebin.com/NiCe9ftn

I then realised it was looking for a POST request variable "n59a097". Malicious code was then being sent base64 encoded to this POST variable, where it was then being decoded and run through the eval() function.

DigitalOcean alerted us to the issue, after our server had been reported to them for sending out spam email.

Just a heads up really as to the possibility of security holes allowing simple files to be written, that then allow for remote code execution. I'm sure ProcessWire is far less of a target than WordPress for these types of exploits, but keep an eye out.
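A defender-side triage check for the pattern described in the post above (a dropped PHP file that decodes a request variable and passes it to eval()), as an added example that is not part of the original post. The indicator patterns, function names and sample files are assumptions constructed for illustration; they are not taken from the pastebin contents.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (this example's own choice, not signatures from the post).
INDICATORS = {
    "dynamic_exec": re.compile(r"\b(?:eval|assert|create_function)\s*\(", re.I),
    "decoder": re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request_input": re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b"),
    "variable_call": re.compile(r"\$\w+\s*\(\s*\$"),  # $f($x): callee name held in a variable
}

# Constructed samples: the behaviour the post describes, and an ordinary form handler.
SAMPLE_DROPPER = '<?php if (isset($_POST["n59a097"])) { eval(base64_decode($_POST["n59a097"])); } ?>'
SAMPLE_BENIGN = '<?php $name = htmlspecialchars($_POST["name"]); echo "Hello, $name"; ?>'

def classify(src):
    """Return (level, hits): 'high' when request input is decoded and executed."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(src))
    runs_code = "dynamic_exec" in hits or "variable_call" in hits
    if "request_input" in hits and runs_code:
        level = "high" if "decoder" in hits else "suspicious"
    else:
        level = "ok"
    return level, hits

def scan_tree(root):
    """Classify every .php file under root; return only the flagged ones."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        level, hits = classify(path.read_text(errors="replace"))
        if level != "ok":
            findings[str(path.relative_to(root))] = (level, hits)
    return findings

if __name__ == "__main__":
    # Build a throwaway web root from the constructed samples and scan it.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "dump.php").write_text(SAMPLE_DROPPER)
        Path(root, "contact.php").write_text(SAMPLE_BENIGN)
        for name, (level, hits) in scan_tree(root).items():
            print(f"{level:10} {name}: {', '.join(hits)}")
```

Pattern matching like this is a first-pass filter: a heavily obfuscated file may match none of the indicators, so compare the web root against known-good copies of the CMS core and plugins as well.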