GoFuckYourself.com - Adult Webmaster Forum


smutnut 05-20-2012 04:37 AM

Exploit Scanning With Shell
 
Good Sunday Morning to you.

I have two domains that have exploits on them. At least Google is telling me this. One I had for a while and one I just moved hosting to this server and now Google sees it.

It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?

Also, (also I think this is important) shell and exploit scanner will crash if I do this from main root(s). At least this is happening now with exploit scanner plug in, and I think this happened before if I remember correctly when I used shell to search. Forget how to do it now so...

Also what is the shell input again to do this search LOL?

Also (or extra note). I just somehow removed most malware from all the subdomains for the site I just moved (about six), or at least Google thinks I did. Does this mean anything? (I deleted lots of plug ins and templates.)

Thanks in advance.

This has been my weekend. How has yours been LOL?

BradBreakfast 05-20-2012 05:08 AM

You probably are running an old out of date script that is exploitable. I offer secure WordPress hosting that's reasonable. brad(at)boysforbreakfast(dot)com

ladida 05-20-2012 07:15 AM

Quote:

Originally Posted by smutnut (Post 18955755)
It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?

That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.

Oracle Porn 05-20-2012 07:39 AM

Quote:

Originally Posted by ladida (Post 18955954)
That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.

what if your host can't and doesn't give root access to someone who can?

raymor 05-20-2012 07:50 AM

root access is probably not required. SSH access would be extremely useful, though. If the host can't or won't take care of it and won't let anyone else take care of it, then the host is your primary problem at that point. You'd have to replace the host if, after appropriate discussion, they continue to refuse to allow the problem to be addressed.

We've built some tools to help find problems like this. We also have good relationships with many hosting companies. Based on the reputation we've built over many years, they are sometimes comfortable granting us access that they wouldn't grant to just any random person. After all, if they are tuning Apache they're ALREADY trusting our code.

Best-In-BC 05-20-2012 08:04 AM

Quote:

Originally Posted by Oracle Porn (Post 18955981)
what if your host can't and doesn't give root access to someone who can?

You move hosts ASAP!

funnybone 05-20-2012 03:03 PM

I had a similar hack on a site running vBulletin 3 with a sneaky js redirect insert.

This is the shell script I used

Code:

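# Strip injected eval(base64_decode(...)); calls from every .php file under
# the current directory, editing the files in place (GNU sed).
# find -exec passes file names intact, so paths containing spaces work.
find . -type f -name '*.php' \
  -exec sed -i -r 's#eval\(base64_decode\([^\)]+\)\);##g' {} +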

Only good if the code inserted starts with eval(base64_decode(.
That's just a temporary fix, though.
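
An added example, not part of any post in this thread: a read-only scan for the same `eval(base64_decode(` pattern the sed script above targets. It decodes each payload and reports whether the domain named in the warning is hidden inside it. The names `scan_injected` and `INJECT_RE` and the domain in the usage comment are assumptions, and it assumes GNU grep, sed and coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: it reports files, never edits them.
# Assumes GNU grep/sed/coreutils (grep -a -o, sed -E, base64 -d).
# File names may contain spaces; names containing newlines are not handled.
# Usage (hypothetical domain): scan_injected /path/to/docroot malware.example

# Matches eval(base64_decode("...")) and the single-quoted form.
INJECT_RE="eval\\(base64_decode\\([\"'][A-Za-z0-9+/=]+[\"']\\)"

scan_injected() {
    # $1 = directory to scan, $2 = domain named in the warning
    find "$1" -type f \( -name '*.php' -o -name '*.html' -o -name '*.js' \) |
    while IFS= read -r file; do
        verdict=
        # Base64 text has no spaces or glob characters, so word splitting is safe.
        for payload in $(grep -aoE "$INJECT_RE" "$file" |
                         sed -E "s/^[^\"']*[\"']//; s/[\"']\\)\$//"); do
            # Decode the payload and look for the domain in the cleartext.
            decoded=$(printf '%s' "$payload" | base64 -d 2>/dev/null | tr -d '\000')
            case $decoded in
                *"$2"*) verdict=domain-found ;;
                *) verdict=${verdict:-encoded-only} ;;
            esac
        done
        # One line per suspicious file: PATH <TAB> verdict
        if [ -n "$verdict" ]; then
            printf '%s\t%s\n' "$file" "$verdict"
        fi
    done
}
```

A file marked `encoded-only` still carries an encoded eval call and needs manual review; other encodings, such as hex escapes or obfuscated JavaScript, are outside what this pattern matches.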

papill0n 05-20-2012 09:11 PM

Always keep WordPress updated

garce 05-20-2012 09:14 PM

Quote:

Originally Posted by papill0n (Post 18956798)
Always keep WordPress updated

That'll help. Rofl.


All times are GMT -7.