I published the following diary on isc.sans.org: “A Bunch of Compromized WordPress Sites“:
A few days ago, one of our readers contacted reported an incident affecting his website based on WordPress. He performed quick checks by himself and found some pieces of evidence:
- The main index.php file was modified and some very obfuscated PHP code was added on top of it.
- A suspicious PHP file was dropped in every sub-directories of the website.
- The wp-config.php was altered and database settings changed to point to a malicious MySQL server.
[Read more]
[The post [SANS ISC] A Bunch of Compromized WordPress Sites has been first published on /dev/random]
Article Link: https://blog.rootshell.be/2018/06/14/sans-isc-bunch-compromized-wordpress-sites/