I finally got hit by this one. I see it's been around since mid-2011, and I was running 3.8.6 PL1 for quite some time. This week I noticed a big drop in traffic and found this by going through Google and ending up at file2store.
I have been reading posts about this for 3 days now and have gotten nowhere, other than that I can clear it out of the parsed templates by disabling a plugin and re-enabling it.
I scanned all server files for "base64_decode":
-Cron.php
-funtions.php
These were all replaced when I upgraded to 3.8.7 PL2 this week.
I removed 2 entries in my remote SQL (both were IPs I added, and were full static IPs).
I scanned all the files by date on my server with nothing outstanding, and searched through my cron jobs.
Anyone have an actual answer to what this exploit is actually coming from?
Thanks,
Chris