Do you check for external style in post's SQL

Home Forums Support Forum Do you check for external style in post's SQL


This topic contains 1 reply, has 2 voices, and was last updated by  Eli Scheetz 11 years, 1 month ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #656

    Alan McNeil

    I didn’t see anywhere in the forum or FAQ a list of what your plugin checks. Is it just files or does gotmls pull all the post data from the database to check for suspicious external styles?
    I found most of the pharma hack files myself before finding your tool BUT at 4AM it’s very nice to have gotmls find some questionable ones. Sure enough, there was another classic eval decode_base64. PLus these jerks have been back twice in a month (2 different exploits to get in).
    Still I’m a bit worried there may be some sneaky styles put directly into posts in the database. See for an older exploit using that trick.

    I’ve got a collection of files from the last month of hacks if they’d be useful to you.

    Got to love this obfuscation:


    Thanks for the plugin. Sent you saturday date money.


    Eli Scheetz


    My plugin just check files right now (mostly looking for malicious htaccess, php, and javascript). I am working on a more support for database hacks but that’s a very different animal and it’s pretty easy for people to find post and widget injections on their own since they are not encoded.
    I would love to have a look at your collection of files from the last month of hacks.
    If you want to give me WP Admin access to your site I could double check it for you.
    Aloha, Eli
    P.S. Thanks for your donation!

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.