• On a site of a customer of ours that uses this plugin we found a hard that was mostlikely placed via the following file: wp-content/plugins/register-plus-redux/extension/readygraph.footer.php

    Used version is 4.2.3 and it was installed on 26-jun at 15:21 and at 19:23 the file.php was placed allowing someone complete access to the site.

    Someone posted to that file and shortly after performing a check to see if a certain file (file.php) was placed. See log sniped below.

    134.0.28.86 – – [26/Jun/2015:19:23:08 +0200] “POST /wp-content/plugins/register-plus-redux/extension/readygraph/footer.php HTTP/1.0” 200 416 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”
    134.0.28.86 – – [26/Jun/2015:19:23:09 +0200] “GET /wp-content/plugins/revslider/rs-plugin/source/file.php HTTP/1.0” 200 274 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0”

    For now I have the plugin removed from his wordpress.

    If you need more information let me know.

    https://www.ads-software.com/plugins/register-plus-redux/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Hacked via footer.php’ is closed to new replies.