Accutane WordPress Hack

If your wordpress site is showing “Buy Accutane Online” in the Google Results, it’s because one of the plugins you’re using is not safe. One plugin know for this exploit is the “My Page Order” plugin by geekyweekly.

I’d suggest removing the plugin all together. You’ll notice that the source code is clean, if you view it, as the plugin only affects the page when the Google bot is viewing it.

The function is using two strings of binary character values:

$unique_id = "\x62\x61s\x65\x36\x34\x5f\x64\x65c\x6f\x64\x65"
$unique_hash = "\x63\x72e\x61\x74\x65\x5f\x66\x75\x6ec\x74\x69\x6f\x6e"

Those translate into base64_decode and create_function respectively, which are two functions you don’t want to see in any plugin or theme, they are usually responsible for maladies.

You should also check your server logs for “wxdGrgPB” as that is the post/get variable used to send malicious commands to this script.

Related Posts:

  • No Related Posts
This entry was posted in Tech Tips, Web Development and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *