Simey69's Warning To Everyone. Please READ this!!!

***Dpet102*** · (This post was last modified: 01-13-2014 04:39 AM by Dpet102.)

@simey69. Kudos to you for raising crap on this issue.

Something else to check out...

I've noticed all bulkyfile shares have a "readme.txt" where they usually aren't expected, such as inside the wp-includes folder. Some even four levels deep.

I back you up 100% in this arguement.

D

***simey69*** · 01-13-2014, 04:57 AM

Hi Dpet102,

Thanks for the PM, I tried to reply but you have them disabled it says - no problem.

A while back, I did start putting together a quick guide, but life got a bit chaotic and busy, so it got paused.
I'll dig it out and post it here sometime over the next week (I need to re-read it and tweak a few bits etc)

Si

***Dpet102*** · (This post was last modified: 01-13-2014 05:53 AM by Dpet102.)

Hey simey69. Sorry about that, I just realized I had disabled pm's. Also, the thread I mentioned hasn't shown up.

I'll look forward to the "manual" per say. I thnk it will give really good insight to myself and others as well, in what to look for in cleaning out hidden garbage from the themes.

Didn't mean to hijack your thread btw lol

Also, as mentioned earlier in this thread by sjc999, TAC works great and is a handy little plugin, as well as Exploit Scanner and Theme Check.

All plugins are free and can be found on the wordpress repository (wordpress.org).

***simey69*** · 01-13-2014, 05:54 AM

no worries - not hijacked at all

it's a good question and happy to help everyone here

Cheers,

Si

***SendMoney*** · 01-13-2014, 05:55 AM

(01-12-2014 08:07 PM)simey69 Wrote: ACTION:

Anyone that fancies visiting some of these users and reporting the infected threads, feel free, it may get admins attention at last!!

Also - feel free to back me up on this if agree and make some noise too!!

Si

+5 Rep given, 100% support you!

***Omarseo*** · 01-13-2014, 09:34 AM

Simey69, i always thank you for keeping us aware on this thread. Rep+ added.
d*** those infecters who got nothing to do but infect others. Curse them!

***Aquarius*** · 01-16-2014, 04:18 AM

Thank you simey69's and admins for your efforts keeping clean the BestBlackhatforum.Rep added.
Thanks in advance for your quick guide. (-:

***Premier*** · 01-16-2014, 06:27 AM

Thanks simey! I downloaded one of those files earlier this morning but luckily, I haven't installed it yet.
I'm just really curious. What will happen if I install this plugin? How will it affect my website?
And what does this social.png do? Thanks in advance!

***one*** · 01-16-2014, 06:58 AM

Just curious (rep's always to simey69 whenever I get the opportunity) - does TAC plugin for wordpress detect these things 100 percent of the time? (theme authenticity checker)

There is at least one other plugin for checking WP plugins also. Just wanted to know if they are reliable for detection?

***Dpet102*** · (This post was last modified: 01-16-2014 07:34 AM by Dpet102.)

@one - TAC is helpful, but it only seems to check for hidden links. Exploit Scanner and Theme Check help as well. Both are free from the wordpress repository (wordpress.org).

I usually open notepad++ and scan the theme folder for the following:

base64_decode
eval(
mail(
imgur
And also www and http references throughout the theme.

SIDE NOTE:

It seems the "two name posters" are back with more infected crap.

Weren't a number of them banned just last week? Seems like they're back.