Friday, October 16, 2009

The server at Magic requires a username and password.

Recently one of my wordpress site was giving this message: The server at Magic requires a username and password when I was trying to update or preview an old post.

After digging into this for a bit, I found that some files have been modified: ./wp-includes/vars.php and a couple of files in plugins directory like ./wp-content/plugins/akismet/akismet.php.

All these files have lines (usually first line) containing:
eval(gzinflate(base64_decode('1VVtT9swEP7 [...]

After removing these lines (manually via SSH or FTP), the wordpress site turned out to normal.
It seems like one of the wordpress administrator had some trojans on his computer, probably one of them modified the wordpress files through wordpress admin area after he logged in.

You can read more about people complaining about this issue here:


James Moralde said...

Probably fixed by now with the current wordpress version because this kind of problem came out before version 2.8.2 was released. It is probably a hack attack based on vulnerabilities of the pre-2.8.2 version.

Buster Stronghart said...

Ana:what has happened with you E-Goldproblem?

Anonymous said...
This comment has been removed by a blog administrator.