SANS ISC

[SANS ISC] A Bunch of Compromized WordPress Sites

I published the following diary on isc.sans.org: “A Bunch of Compromized WordPress Sites“:

A few days ago, one of our readers contacted reported an incident affecting his website based on WordPress. He performed quick checks by himself and found some pieces of evidence:

  • The main index.php file was modified and some very obfuscated PHP code was added on top of it.
  • A suspicious PHP file was dropped in every sub-directories of the website.
  • The wp-config.php was altered and database settings changed to point to a malicious MySQL server.

[Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *