CryptoPHP - Backdoor in Thousands of CMS Plugins and Themes

[xiaofang]

http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story

[ALBANIAN BEAST IN BBHF]

(11-25-2014 04:43 AM)xiaofang Wrote:  http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story

HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.

[DrugsIsTakingOverYourMind]

(11-26-2014 02:14 AM)crymetyme Wrote:  

(11-25-2014 04:43 AM)xiaofang Wrote:  http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story

HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.

Open your eyes a bitalready topic about in VIP section if imright

[basuraza]

I would say that at least 80% of the shared code has this backdoor, so it was your fault not using malware antivirus or run your own tests before uploading to your servers.
TAC from wordpress and Core Security Ninja
http://codecanyon.net/item/core-scanner-...ja/2927931
https://wordpress.org/plugins/tac/
https://wordpress.org/plugins/wordfence/
https://wordpress.org/plugins/sucuri-scanner/
http://wordpress.org/plugins/wp-antiviru...rotection/
http://wordpress.org/plugins/antivirus/
https://wordpress.org/plugins/gotmls/
https://wordpress.org/plugins/quttera-we...e-scanner/
https://wordpress.org/plugins/wemahu/
http://wordpress.org/plugins/exploit-scanner/

If you really need to know if it changes something into the system with no notice check:
http://wordpress.org/plugins/wp-changes-tracker/
Log checker: https://wordpress.org/plugins/wp-security-audit-log/

And do a run into your site:
http://sitecheck.sucuri.net/

For the files, just unzip into your local folder and run an Antivirus program.

If your server has been compromissed, let me know, as security sysadmin with 15y of experience I can track and isolate the thread, securizing your system from hackers.
**Only for VPS or dedicated servers over Linux. Just send me a pm.

-oo-

[xiaofang]

Yes check always script before u use them. there is lots of newbie and leechers in the scene and they think is BIG to share others artwork decoding and nulling. Yes this is a art. and lots of hours behind all decoded and nulled script good guy share and fix.
But leecher see only one thing and take credits so lots of host are hijacked becuase they not test before.
so check all you newer know

[myshare]

fake news, they want force you to buy things than download for free, peace

[xiaofang]

You think smile
you can do some command line hehe and see if your host and domain is hijacked with a backdoor.
If you do a search you will find some useful command line. so is not fake news

---

So always check script before and maybee look after some png file

[ALBANIAN BEAST IN BBHF]

(11-26-2014 02:21 AM)DrugsIsTakingOverYourMind Wrote:  

(11-26-2014 02:14 AM)crymetyme Wrote:  

(11-25-2014 04:43 AM)xiaofang Wrote:  http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story

HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.

Open your eyes a bitalready topic about in VIP section if imright

TOO BUSY BRO FOR STAYING UPDATED IN EVERY THREAD...

[inferno885]

this actually happens tho, this is why I never use a plugin/theme on my site that was shared on a blackhat forum.

[Burak01]

(11-26-2014 02:31 AM)basuraza Wrote:  I would say that at least 80% of the shared code has this backdoor, so it was your fault not using malware antivirus or run your own tests before uploading to your servers.
TAC from wordpress and Core Security Ninja
http://codecanyon.net/item/core-scanner-...ja/2927931
https://wordpress.org/plugins/tac/
https://wordpress.org/plugins/wordfence/
https://wordpress.org/plugins/sucuri-scanner/
http://wordpress.org/plugins/wp-antiviru...rotection/
http://wordpress.org/plugins/antivirus/
https://wordpress.org/plugins/gotmls/
https://wordpress.org/plugins/quttera-we...e-scanner/
https://wordpress.org/plugins/wemahu/
http://wordpress.org/plugins/exploit-scanner/

If you really need to know if it changes something into the system with no notice check:
http://wordpress.org/plugins/wp-changes-tracker/
Log checker: https://wordpress.org/plugins/wp-security-audit-log/

And do a run into your site:
http://sitecheck.sucuri.net/

For the files, just unzip into your local folder and run an Antivirus program.

If your server has been compromissed, let me know, as security sysadmin with 15y of experience I can track and isolate the thread, securizing your system from hackers.
**Only for VPS or dedicated servers over Linux. Just send me a pm.

-oo-

Thanks for your post, it is very useful , is there any good security check list for linux Vps which you can share ? It would be very helpful