Weblogtoolscollection News » Wordpress News

Hacker attack has broken thousands of WordPress blogs

  • Topic started 4 years ago
  • 1 posts so far
  • Latest reply from UseShots

  1. Malware attack, known as Gumblar, targets PHP driven websites. It injects a backdoor script into various .php files on compromised sites.

    A bug in the backdoor script effectively breaks WordPress blogs that start to report the following error for every requested page (including admin interface)

    Fatal error: Cannot redeclare xfm() (previously declared in /path/to/site/index.php(1) : eval()'d code:1)
    in /path/to/site/wp-config.php(1) : eval()'d code on line 1

    The name of the reported function changes from site to site but stays meaningless.

    The scope of the problem can be revealed by the following Google search that currently returns 62,000 results: http://www.google.com/search?hl=en&q=%22previously+declared+in%22+%22wp-config.php%22+eval+code+%22on+line+1%22
    Most results point to either compromised WordPress blogs or to posts about compromised WordPress blogs.

    More details and clean up instructions can be found here:
    http://blog.unmaskparasites.com/2009/11/04/gumblar-breaks-wordpress-blogs-and-other-complex-php-sites/

    Posted: 4 years #

RSS feed for this thread

This topic has been closed to new replies.


Back to top

0.126 - 12 queries