larryaronson

Same attack on one of my client sites (domain name changed in description below):

Other than repeatedly running scans and deleting files as they appear, does anyone have any info on a fix other than disabling Super Cache or clearing the cache?

TIA —?Larry

Filename: wp-content/cache/supercache/example.com/meta-wp-cache-c0f8d5caccac02d4f86bae1af2d6f5db.php
File Type: Not a core, theme, or plugin file from www.ads-software.com.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: eval($_POST

The issue type is: Backdoor:PHP/EvalSuperGlobal.7725
Description: Code executed from user input – almost always indicates a backdoor

Thanks for the suggestions but they didn’t work. I was installing from /blogfolder/wp-admin/install.php as per the instructions. I tried lynx. It vomited up a pagefull of php code and was useless when I tried submitting the form.

Lynx displayed:

wp-config.php file. I need this before we can get started. Need more help? We got it. You can create a wp-config.php file
through a web interface, but this doesn’t work for all server setups. The safest way is to manually create the file.”,
“WordPress ? Error”); } require_once(‘../wp-config.php’); require_once(‘./includes/upgrade.php’); if
(isset($_GET[‘step’])) $step = $_GET[‘step’]; else $step = 0; function display_header(){ header( ‘Content-Type:
text/html; charset=utf-8′ ); ?> >

WordPress

‘.__(‘Already Installed’).’

‘.__(‘You appear to have already installed WordPress. To reinstall please clear your old database tables first.’).’
‘);} switch($step) { case 0: case 1: // in case people are directly linking to this display_header(); ?>

ReadMe documentation
at your leisure. Otherwise, just fill in the information below and you\’ll be on your way to using the most extendable
and powerful personal publishing platform in the world.’), ‘../readme.html’); ?>

_________________________
_________________________
[X]

<?php _e(‘Install WordPress ?’); ?>

error) ) wp_die($wpdb->error->get_error_message()); display_header(); // Fill in the data we gathered $weblog_title =
stripslashes($_POST[‘weblog_title’]); $admin_email = stripslashes($_POST[‘admin_email’]); $public = (int)
$_POST[‘blog_public’]; // check e-mail address if (empty($admin_email)) { // TODO: poka-yoke die(__(“ERROR: you must
provide an e-mail address”)); } else if (!is_email($admin_email)) { // TODO: poka-yoke die(__(‘ERROR: that isn\’t a valid
e-mail address. E-mail addresses look like: [email protected]’)); } $wpdb->show_errors(); $result =
wp_install($weblog_title, ‘admin’, $admin_email, $public); extract($result, EXTR_SKIP); ?>

log in
with the username “admin” and password “%2$s”.’), ‘../wp-login.php’, $password); ?>

Note that password
carefully! It is a random password that was generated just for you.’); ?>

admin

wp-login.php

WordPress
, personal publishing platform.’); ?>

Hi,

I ran into the same error.

The install returned a blank screen. The log shows the same missing wp_options table error as you have above.

The database is good, I can log into if from mysql and the user grants look normal. No tables were created by the failed install.

Fedora core 4 system,
php version 5.0.4
mysql 4.1.11

Larry