[Cialug] an easier way?

Mark Hesseltine markhesseltine at gmail.com
Wed Apr 22 14:07:42 UTC 2020


I would think using something like grep to search the PHP files for a
snippet of the redirect code would show which file was compromised. It
could be an exploit in the theme file which creates the page.

On Wed, Apr 22, 2020 at 9:03 AM chris <chris at bynw.com> wrote:

> wiped out all the plugins to be safe. but the redirect script was and
> still is on every post.
>
> > On Apr 22, 2020, at 08:45, L. V. Lammert <lvl at omnitec.net> wrote:
> >
> > On Wed, 22 Apr 2020 chris at bynw.com wrote:
> >
> >> hey all.
> >> trying to help out with an issue where a wordpress site got
> hacked.there is a redirect script that has been added to the bottom of
> everypost.
> >>
> > Most likely a compromised plugin, .. sometimes updating or reinstalling
> > all will fix the problem.
> >
> >    Lee
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>
-- 
Mark Hesseltine
mailto:markhesseltine at gmail.com


More information about the Cialug mailing list