MySQL Database Contains Malware Signature after Clean

Home Forums Support Forum MySQL Database Contains Malware Signature after Clean

This topic contains 1 reply, has 2 voices, and was last updated by  Anti-Malware Admin 6 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #2433

    Kirby James
    Member

    Hi,

    My site seems to get hacked at roughly weekly intervals. Mostly existing links are replaced by links to advertising sites. Anti-Malware successfully ‘removes’ the malware such that the pages are now delivered with their correct links.

    Before using Anti-Malware I downloaded the WordPress site to my Windows desktop. I wrote a script to then search for malware. This I categorised as ‘probable malware’ (e.g.  ’clksite’, ‘adfly’ and ‘remarketing’) or possible malware ( e.g. ’eval(‘ and ‘<script’).

    Before the first infection my scan showed 1 (probable) and 7 (possible) items of malware in the SQL dump of the mysql database.

    After the first infection my script picked up 715 items of probable malware and 721 of possible malware in the database. After running Anti-Malware, and  quarantining and deleting the malware these figures dropped to 185 (probable) and 191 (possible).

    After each subsequent infection the counts jumped and dropped a little after running Anti-Malware. Upon re-checking with Anti-Malware – no malware was reported.

    I’m puzzled as to why I still detect malware in the database – is there any way of removing it?

    Many Thanks

     

    Kirby

     

     

     

    #2440

    Anti-Malware Admin
    Key Master

    If you can send me those ‘<script’ tags which are not being removed by my plugin then I will add them to my definition updates so that they will be automatically removed in future scans.

    Also, if you are still getting database injections on a regular basis I would suggest that you focus on hardening your DB security on your server. Start by changing your DB_PASSWORD and updating your wp-config.php to match. If that does not stop these injections and your host has no other security to offer then I would suggest moving your site to a move secure hosting environment.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.