Skip to content

My Web experience Posts

Joomla WordPress eval base64_encode hack fixes

How did I encounter it eval base64_encode hack

I got to know this hack after I was contacted by my hosting provider telling me that one of my WordPress/Joomla websites was generating a lot of spam traffic. If you are running your own host you might discover it by monitoring the e-mail traffic generated by your server or if the load on the server has unnaturally increased.

The issue spread quite quickly and soon many others websites got hacked. I also got a lot inquiries from friends having the same issue.

How does it happen?

Sites are hacked after an attacker sends through request a piece of code that gets executed once received. That is usually done through untrusted plugins, or flaws in the CMS software.

The attack usually sneaks a line of bad code in some of the CMS’s original files. Usually in the beginning of the files, could also be in the middle. In general they try to replace a line starting with <?php with a line that has many blank spaces followed by something that usually looks like this:
eval(base64_encode(‘Zwnkjlhfk….’))
Continue reading Joomla WordPress eval base64_encode hack fixes

Comments closed