malicious code 336988

  • Author
    Posts
  • #1112481

    pwforaker
    Member

    I have about 15 WordPress installations (at 3.4 and 3.5). On December 12 and again on December 30, someone/something injected malicious code into hundreds of html, php and js files in a directory on my server, and deposited malicious .htaccess files. The code is commented with the # 336988.

    Google shows one other person with this issue, and so far the best guess is that there’s a plugin with a vulnerability.

    Any ideas?

    #1112579

    supportbot
    Member

    You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.

    If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

    This is an automated message.

    #1112830

    pwforaker do you have skype, mail, anyway to talk with you?

    Because “my website” was also hacked but is not a WP website, is custom made and i would like to know how, that “number” i think that is the name of the hacker…. first i thought that was a “hack numer” like ID for the website hacked, but now i see that is not true….

    Can you please send me all the info that you have about this topi? In my site i just saw .js and .html “hacked” but i noticed some .htacces in on other websites.

    #1112831

    auxclass
    Member

    The site you are asking about does not seem to be hosted on WordPress.COM so you need to make friends over at WordPress.ORG the keepers of the software you are using.

    https://en.forums.wordpress.com/topic/7-things-to-know-before-posting-in-wordpresscom-forums?replies=1

    This site is for support of sites hosted on WordPress.COM. You should address your questions to WordPress.ORG the keepers of the software you are using: http://wordpress.org/support/

    For more on the difference: http://support.wordpress.com/com-vs-org/

    #1112839

    francodag
    Member

    Hi, I’ve published a script on StackOverflow that can hepl to remove the trojan.

    See http://stackoverflow.com/questions/14302910/why-regex-pattern-works-with-html-comments-but-doesnt-work-with-php-and-js-comm

The topic ‘malicious code 336988’ is closed to new replies.