Exploit Scanning With Shell

[smutnut]

Good Sunday Morning to you.

I have two domains that have exploits on them. At least google is telling me this. One I had for a while and one I just moved hosting to this server and now google sees it.

It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?

Also, (also I think this is important) shell and exploit scanner will crash if I do this from main root(s). At least this is happening now with exploit scanner plug in, and I think this happened before if I remember correctly when I used shell to search. Forget how to do it now so...

Also what is the shell input again to do this seach LOL ?

Also (or extra note). I just somehow removed most malware from all the subdomains for the site I just moved (about six), or at least google thinks I did. Does this mean anything. (I deleted lots of plug ins and templates.

Thanks in advance.

This has been my weekend. How has yours been LOL?

[BradBreakfast]

You probably are running an old out of date script that is exploitable. I offer secure Wordpress hosting that's reasonable. brad(at)boysforbreakfast(dot)com

[ladida]

Quote:

Originally Posted by smutnut

It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?

That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.

[Oracle Porn]

Quote:

Originally Posted by ladida

That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.

what if you host can't and doesn't give root access to someone who can?

[raymor]

root access is probably not required. SSH access would be extremely useful, though. If the host can't or won't take care of it and won't let anyone else take care of it, then the host is your primary problem at that point. You'd have to replace the host if, after appropriate discussion, they continue to refuse to allow the problem to be addressed.

We've built some tools to help find problems like this. We also have good relationships with many hosting companies. Based on the reputation we've built over many years, they are sometimes comfortable granting us access that they wouldn't grant to must any random person. After all, if they are tuning Apache they're ALREADY trusting our code.

[Best-In-BC]

Quote:

Originally Posted by Oracle Porn

what if you host can't and doesn't give root access to someone who can?

You move hosts ASAP!

[funnybone]

I had a similar hack on a site running Vbulletin 3 with a sneaky js redirect insert.

This is the shell script I used

Code:

for i in $(find . -name '*.php')
do
sed -i -r 's#eval\(base64_decode\([^\)]+\)\);##g' "${i}"
done

Only good if the code inserted starts with eval(base64_decode(.
That's just a temporary fix, though.

[papill0n]

Always keep wordpress updated

[garce]

Quote:

Originally Posted by papill0n

Always keep wordpress updated

That'll help. Rofl.