Thursday, July 15, 2010

Understanding and cleaning the Pharma hack on WordPress


The Pharma Hack has various moving parts:
1 – Backdoor that allows the attackers to insert files and modify the database.
2 – Backdoor inside one (or more) plugins to insert the spam.
3 – Backdoor inside the database used by the plugins.

Once decoded, this is the content of the backdoor: http://sucuri.net/?page=tools&title=blacklist&detail=3ec33c4ab82d2db3e26871d5a11fb759

If you are infected, you will see things like (full content of the file here):
