How to clean DB?

Home Forums Support Forum How to clean DB?

Tagged: 

This topic contains 1 reply, has 2 voices, and was last updated by  Anti-Malware Admin 6 years, 2 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #2165

    Anonymous

    Got nasty script injection malway on several sites, redirecting to mp3menu etc. Here’s more on it:

    http://labs.sucuri.net/?note=2018-09-18

    Installed a number of security plugins (incl. yours with donation – TY!!), tightened down WordPress, but redirect still happening. Now seeing a lot of <script> injections in WP_POSTS.

    Any suggestions on how to clean these across hundreds of posts? Is there a plugin on script than can help with this? If not, is there a service you can recommend to assist with resolving this? Running membership sites (Ultimate Member) and very important to tackle this ASAP.

    Thank you Eli!

    PS: I now donated from two sites, hoping that GOTMLS would be able to make a dent. Do you have a unlimited license?

    #2166

    Anti-Malware Admin
    Key Master

    Thanks for donating, you can register all you sites under the same email address and then the keys will all be on the same account so that your donations count towards all of them ;-)

    My plugin should remove the malicious code from your infected files to stop the spread of this script, but if you already have a bunch of script tags in your DB then you need to remove them manually.

    I am working on a DB Scan feature for my next plugin release and your donations help me allocate time to maintaining and improving this project, so thanks for that and look for this new update soon.

    In the mean time you can try running an SQL statement like this in PhpMyAdmin:

    UPDATE wp_posts SET post_content = REPLACE(post_content, '<script src=\'https:// some malicious domain here / malicious script.js\' type=\'text/javascript\'></script>', '') WHERE post_content LIKE '%<script src=\'https:// some malicious domain here / malicious script.js\' type=\'text/javascript\'></script>%'

    Replace both instances of “https:// some malicious domain here / malicious script.js” with whatever path is used in your injected script tags, and don’t forget to escape any quotes in the HTML strings, and it may or may not have “type=’text/javascript’” or other properties in it so check that it matches the code injected into your posts.

    If you don’t have access to PhpMyAdmin or another DB utility to execute SQL statements then you can download my EZ SQL Reports plugin (elisqlreports).

    Let me know if you need more help.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.