PHP eval(base64_decode

If you find following line of code on your site:
eval ( base 64_ decode consult a PHP developer – IMMEDIATELY! This line of code means that a hacker has gained complete control over your site and is using your website for malicious purposes. This security compromise is common to websites that are running an outdated version of WordPress. WordPress updates to newer versions to remove found security threats.

DO NOT IGNORE WORDPRESS UPDATES!

Ignoring a WordPress update may result in a mySql injection attack that executes the PHP script:
<?php 
eval(base64_decode(“someObscureCharacterString”));
?>

When working with a client, a wrote a PHP app that display the mySql tables as HTML. Using this app will allow you comb through the data, to insuring that you can migrate the mySql database without transferring the infection. 

Here is the app: https://github.com/mikestratton/Wordpress-MySql-Query

 

Decoding eval(base64_decode(“someObscureCharacterString”));

Decoding this 64 bit string may result in an obscure javacript, which you may also need to decode. Here are some links that may be useful:
http://ddecode.com/phpdecoder/
http://repl.it/languages

 

 

nukeNuke Your Website!

Above all else, even if you cannot restore it – you need to nuke your entire site. Nuking your site means that you are going to delete everything AND change all passwords. Yes, drop a digital nuclear bomb into your file directory, databases and if you have dedicated hosting – reset your server.

 

0
  Related Posts