Jump to content

Recommended Posts

Posted

This isn't related to Processwire, but just so the PW community is aware, today we discovered several malicious files in our server (Wordpress environment). The code in the files ultimately allows for the same thing, remote code execution.

I'm guessing some security hole allowed an attacker to execute code via a plugin, which wrote a file to www.example.com/dump.php

This file contained the following code: http://pastebin.com/dsLZnbCW

After deciphering it slightly: http://pastebin.com/NiCe9ftn

I then realised it was looking for a post request variable "n59a097"

Malicious code was then being sent base64 encoded to this post variable, where it was then being decoded and run through the eval() function.

Digital Ocean alerted us of the issue, after our server had been reported to them for sending out spam email.

Just a heads up really as to the possibility of security holes allowing simple files to be written, that then allow for remote code execution.

I'm sure Processwire is far less a target than Wordpress for these types of exploits but keep an eye out.

  • Like 2
Posted

After so many times for so long, being in the news being compromised makes you wonder if wordpress is still worth anyones time and effort.

  • Like 2
Posted

Quite a clever bit of code, that, obfuscating base64_decode in the hope of avoiding security scanners. Can't hide eval(), though.

  • Like 1
Posted

Yup... On a sidenote: The wp-admin Wordpress template / code / PHP editor is by itself a huge security-risk. I would immediately uninstall it.

  • Like 2
Posted

Hi all, worked it out using a pen and paper haha, followed the code and wrote down the word it seemed to be spelling out from the random string at the top.

The random string turned out to be not so random spelling out base64_decode.

  • Like 2
  • 3 weeks later...
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...