⚠️ Make sure your Podlove Publisher is updated to v4.2.7 (published September 20). It fixes an exploit (published September 22) that is actively being used to upload malicious code to WordPress instances.

CVE: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-426-unauthenticated-arbitrary-file-upload

@podlove will there be information on how to find out if you have been compromised?

@MoritzGlantz

Some signs of contamination:
- Your main index.php includes stuff behind `<?php` in line 1, something like `goto ...` (same may be true for other WordPress default files).
- You find cache.php files that contain `error_reporting(0)` followed by obfuscated code.
- You find files containing `error_reporting(0); set_time_limit(0);` - even though they may not be PHP files - followed by all kinds of access permission changes to files.

@MoritzGlantz
- Your main .htaccess file contains the rule `Allow from all` for `index.php`, `wp-blog-header.php`, ... Those files are the ones that may also contain more than a plain `<?php` in line 1.
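
A scan for the signs listed in the posts above, as an added example that is not part of the original thread and not a Podlove tool. The function name `scan`, the 1 MB read limit and the choice to check only the core files in the WordPress root are assumptions; hits are pointers for manual review, not proof of compromise.

```python
import os
import re
import sys

# File names and strings are taken from the posts above; everything else is assumed.
CORE_FILES = ("index.php", "wp-blog-header.php")
DROPPER = re.compile(rb"error_reporting\(0\);\s*set_time_limit\(0\);")
ALLOW_ALL = re.compile(rb"allow\s+from\s+all", re.I)

def scan(root):
    """Return sorted (path, reason) pairs for files showing one of the listed signs."""
    findings = []
    # Sign: core files in the WordPress root normally have a bare "<?php" on line 1.
    for name in CORE_FILES:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                if fh.readline().strip() != b"<?php":
                    findings.append((path, "extra code on line 1"))
    # Sign: main .htaccess carrying an "Allow from all" rule.
    htaccess = os.path.join(root, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, "rb") as fh:
            if ALLOW_ALL.search(fh.read()):
                findings.append((htaccess, "Allow from all rule"))
    # Signs: marker strings in any file, whatever its extension.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # assumed limit, keeps the scan fast
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if DROPPER.search(data):
                findings.append((path, "error_reporting(0); set_time_limit(0);"))
            elif name == "cache.php" and b"error_reporting(0)" in data:
                findings.append((path, "cache.php with error_reporting(0)"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress
    for path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

Run it against the WordPress document root and compare any flagged core file with a fresh copy from the matching WordPress release.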