Reply To: Weird pharma hack

Home Forums Support Forum Weird pharma hack Reply To: Weird pharma hack


Howdy!   This thread helped me find the same attack on my website. Many thanks for that.

FWIW, in my case the wp_options table option_name is “_prevtype1″.

I noticed your plugin doesn’t touch that mysql db row. Any harm in deleting it, or NOT deleting it?

Any idea of how the injection is happening yet? I’m running a minimal set of plugins, one user/admin with a very strong password… Probably coming in thru the godaddy shared server setup I’m guessing, but wondered if anybody narrowed it down to a new vulnerability?