Do you check for external style in post's SQL


This topic contains 1 reply, has 2 voices, and was last updated by Eli Scheetz 4 years ago.

  • #656
    Alan McNeil
    Member

    I didn’t see anywhere in the forum or FAQ a list of what your plugin checks. Is it just files or does gotmls pull all the post data from the database to check for suspicious external styles?
    I found most of the pharma hack files myself before finding your tool BUT at 4AM it’s very nice to have gotmls find some questionable ones. Sure enough, there was another classic eval decode_base64. Plus these jerks have been back twice in a month (2 different exploits to get in).
    Still I’m a bit worried there may be some sneaky styles put directly into posts in the database. See http://wiki.mediatemple.net/w/(gs):Fix_WordPress_redirect_exploit for an older exploit using that trick.

    I’ve got a collection of files from the last month of hacks if they’d be useful to you.

    Got to love this obfuscation:

    $asruhlkjshflj='ba'.'se64_'.'deco'.'de';
    eval($asruhlkjshflj,...

    Thanks for the plugin. Sent you Saturday date money.

    #660
    Eli Scheetz
    Member

    Alan,

    My plugin just checks files right now (mostly looking for malicious htaccess, php, and javascript). I am working on more support for database hacks but that’s a very different animal and it’s pretty easy for people to find post and widget injections on their own since they are not encoded.
    I would love to have a look at your collection of files from the last month of hacks.
    If you want to give me WP Admin access to your site I could double check it for you.
    Aloha, Eli
    P.S. Thanks for your donation!
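
The kind of file check the reply describes, applied to the obfuscation quoted in the first post, as an added Python example (not code from the plugin or from either poster): it folds PHP string concatenations and reports suspicious function names that are stored in a variable and then called through it. The regexes are a heuristic for simple quoted literals only, the function list is an assumption, and the second line of the sample is constructed.

```python
import re

# Function names that honest code rarely assembles from string fragments (assumed list).
SUSPICIOUS = {"base64_decode", "gzinflate", "gzuncompress", "str_rot13", "eval", "assert"}

# Two adjacent simple literals joined by PHP's "." operator, e.g. 'ba'.'se64_'
_CONCAT = re.compile(r"""(['"])([^'"\\$]*)\1\s*\.\s*(['"])([^'"\\$]*)\3""")
# A variable assigned a single simple literal: $name = 'literal';
_ASSIGN = re.compile(r"""\$(\w+)\s*=\s*(['"])([^'"\\$]*)\2\s*;""")

# First line is the snippet from the post; the second line is constructed
# (the base64 payload decodes to the harmless statement "echo 1;").
SAMPLE = """<?php
$asruhlkjshflj='ba'.'se64_'.'deco'.'de';
eval($asruhlkjshflj('ZWNobyAxOw=='));
"""


def collapse_concat(src):
    """Fold 'a'.'b'.'c' into 'abc', repeating until nothing is left to fold."""
    while True:
        folded = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", src)
        if folded == src:
            return src
        src = folded


def find_hidden_calls(src):
    """Return (variable, function) pairs where a suspicious function name is
    stored in a variable that is later invoked as $variable(...)."""
    flat = collapse_concat(src)
    hits = []
    for var, _, value in _ASSIGN.findall(flat):
        called = re.search(r"\$" + re.escape(var) + r"\s*\(", flat)
        if value.lower() in SUSPICIOUS and called:
            hits.append((var, value.lower()))
    return hits


if __name__ == "__main__":
    for var, func in find_hidden_calls(SAMPLE):
        print(f"${var} hides a call to {func}()")
```
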
