Close

June 7, 2014

Malicious redirects

I noticed that my site’s shared link is doing a conditional redirect to the URL *.ignorelist.com, I did some digging and it was a php hack (and most likely) from a plugin or a free theme you downloaded through the admin page. The hack was done with something like this:

eval(base64_decode("DQplcnJvcl9RpbmcoMCk7DQokcWF6cGxt...(snipped a bit)...mlnbm9yZWxpc3QuYeGl0KCk7DQp9Cn0NCn0NCn0NCn0="));

Start by checking for “eval(base64_decode” your files then the common files like headers and footers, then themes/plugins and core files. With WordPress sites these are some common files that hackers hit –wp-load.php, wp-config.php.

I used Sublime Text to look for the code and the hack in wp-config.php. I have no idea which plugin or theme that caused this problem but there is a lesson here. Do not use the admin to install new themes and plugins unless you are certain that the files does not have any obfuscated php code.

You can check your site if there is any malware using evuln.com’s malware-scanner tool.

2 Comments on “Malicious redirects

Mal'akh
June 7, 2014 at 09:21

I was wondering why sometimes your site redirects to that one depending on where I access it. That’s one reason why I make my own themes… except when I have you make them. 😛

thepoet
June 8, 2014 at 00:52

It’s probably from a plugin I tested before.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: