http://weblogtoolscollection.com/news/ Weblogtoolscollection News Topic: Hacker attack has broken thousands of WordPress blogs en Wed, 19 Jun 2013 12:05:07 +0000 http://weblogtoolscollection.com/news/topic/hacker-attack-has-broken-thousands-of-wordpress-blogs#post-5726 Fri, 06 Nov 2009 14:45:47 +0000 UseShots 5726@http://weblogtoolscollection.com/news/ <p>Malware attack, known as Gumblar, targets PHP driven websites. It injects a backdoor script into various .php files on compromised sites.</p> <p>A bug in the backdoor script effectively breaks WordPress blogs that start to report the following error for every requested page (including admin interface)</p> <p><code><strong>Fatal error:</strong> Cannot redeclare xfm() (previously declared in /path/to/site/index.php(1) : eval()'d code:1)<br /> in <strong>/path/to/site/wp-config.php(1) : eval()'d code</strong> on line 1</code></p> <p>The name of the reported function changes from site to site but stays meaningless.</p> <p>The scope of the problem can be revealed by the following Google search that currently returns <strong>62,000</strong> results: <a href="http://www.google.com/search?hl=en&#38;q=%22previously+declared+in%22+%22wp-config.php%22+eval+code+%22on+line+1%22" rel="nofollow">http://www.google.com/search?hl=en&#38;q=%22previously+declared+in%22+%22wp-config.php%22+eval+code+%22on+line+1%22</a><br /> Most results point to either compromised WordPress blogs or to posts about compromised WordPress blogs.</p> <p>More details and clean up instructions can be found here:<br /> <a href="http://blog.unmaskparasites.com/2009/11/04/gumblar-breaks-wordpress-blogs-and-other-complex-php-sites/" rel="nofollow">http://blog.unmaskparasites.com/2009/11/04/gumblar-breaks-wordpress-blogs-and-other-complex-php-sites/</a> </p>