3rd time hacked - getting used to it but ...

Hi everyone,
As I said, it's my third time my site gets hacked BUT it is not necessarily ZP who should be blamed :
My www contains a wordpress CMS and a subdirectory with a zp in it. I must admit that my zp has been forgotten for a while without any upgrade (so I am the one who should be blamed first !)
Here is my question :
The index.php at the root has been corrupted (not it the zp directory IN THE ROOT.)
This has been added :
`<?php /*68066*/ error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('display_errors','Off'); @eval( base64_decode('...'));/*68066*/ ?><?php`
Do you think that the security breech can still come from zp ?
I wish it could for I have upgraded and protected the wordpress part of my site, and if the breech is still there ... i am helpless ...
Thanks for any clue or advice !

Comments

  • acrylian Administrator, Developer
    It is not really possible for us to tell how this happened. If you have any Zenphoto before 1.4.1.6 it might have been or if your file/folder permissions were to low but then the install should have been affected. If you are not on the current release we really recommend to upgrade. That way you will also upload fresh files.

    So it might have been the WP install or even the server itself. You should also contact your host about that. They might have more tools to tell how that might have happened.

    I did remove part of your code so it does not hurt us here.
  • Thanks acrylian,
    First I had removed most of the 64_coded c***p in the sample I provided.
    The upgrade is done.
    ... for the rest ... I will inquire ...
    Bye,
    n
  • ... by the way, I am having a hard time to find the procedure for changing database pw ... (not on my provider's side, I mean in zp config files ...)
    Any link where it is explained ?
    Thanks
  • acrylian Administrator, Developer
    You should probably remove all of the code you posted above, the eval() part is the important one that prints encoded javascript code.

    The database credentials for Zenphoto are within the config file within /zp-data.
  • Thanks !
    (for this last answer and for the rest !)
Sign In or Register to comment.