Hacked via footer.php
On a site of a customer of ours that uses this plugin we found a hack that was most likely placed via the following file: wp-content/plugins/register-plus-redux/extension/readygraph.footer.php
The version used is 4.2.3; it was installed on 26-Jun at 15:21, and at 19:23 the file.php was placed, allowing someone complete access to the site.
Someone posted to that file and shortly after performed a check to see if a certain file (file.php) was placed. See the log snippet below.
134.0.28.86 - - [26/Jun/2015:19:23:08 +0200] "POST /wp-content/plugins/register-plus-redux/extension/readygraph/footer.php HTTP/1.0" 200 416 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
134.0.28.86 - - [26/Jun/2015:19:23:09 +0200] "GET /wp-content/plugins/revslider/rs-plugin/source/file.php HTTP/1.0" 200 274 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
For now I have the plugin removed from his WordPress.
If you need more information let me know.
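The log pattern in the post above (a successful POST to a plugin PHP file, then a GET for a different plugin PHP file from the same address a second later) can be searched for across a whole access log. This is an added example, not part of the original post; the function names and the 10-second window are assumptions, and the sample lines are the post's two entries (user agent shortened) plus constructed benign ones.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PLUGIN_PHP = re.compile(r'^/wp-content/plugins/[^?]+\.php(\?|$)')

def parse(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_post_then_probe(lines, window=timedelta(seconds=10)):
    """Return (post, get) pairs: a 200 POST to a plugin .php file followed,
    within `window` and from the same IP, by a 200 GET of a different one."""
    hits, last_post = [], {}
    for rec in filter(None, map(parse, lines)):
        if rec["status"] != "200" or not PLUGIN_PHP.match(rec["path"]):
            continue
        if rec["method"] == "POST":
            last_post[rec["ip"]] = rec
            continue
        post = last_post.get(rec["ip"])
        if (rec["method"] == "GET" and post and post["path"] != rec["path"]
                and timedelta(0) <= rec["ts"] - post["ts"] <= window):
            hits.append((post, rec))
    return hits

SAMPLE = [
    # Constructed benign traffic (documentation IPs, hypothetical plugin name).
    '203.0.113.7 - - [26/Jun/2015:19:22:50 +0200] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "ua"',
    '203.0.113.7 - - [26/Jun/2015:19:22:51 +0200] "GET /wp-content/plugins/example-plugin/style.css HTTP/1.1" 200 90 "-" "ua"',
    # The two entries from the post, quotes normalised and user agent shortened.
    '134.0.28.86 - - [26/Jun/2015:19:23:08 +0200] "POST /wp-content/plugins/register-plus-redux/extension/readygraph/footer.php HTTP/1.0" 200 416 "-" "ua"',
    '134.0.28.86 - - [26/Jun/2015:19:23:09 +0200] "GET /wp-content/plugins/revslider/rs-plugin/source/file.php HTTP/1.0" 200 274 "-" "ua"',
    # Constructed: same GET from another address with no preceding POST.
    '198.51.100.4 - - [26/Jun/2015:19:23:10 +0200] "GET /wp-content/plugins/revslider/rs-plugin/source/file.php HTTP/1.0" 200 274 "-" "ua"',
    'not a log line',
]

if __name__ == "__main__":
    for post, get in find_post_then_probe(SAMPLE):
        print(f'{get["ts"].isoformat()} {get["ip"]} POST {post["path"]} -> GET {get["path"]}')
```

A match is a lead for review, not proof of compromise: confirm it by checking whether the requested file exists on disk and when it was created.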