58.gif
Best Blackhat Forum / BlackHat SEO & WhiteHat SEO / Tutorial Section / How to detect Malicious code in nulled or Free WordPress Themes and Plugins

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

New Reply
 
12-18-2018, 01:11 PM (This post was last modified: 12-18-2018 01:12 PM by Lumos.)
Post: #31
Lumos Offline
The Black Knights
********
Posts: 12,921
Joined: Mar 2017

Reputation: 32093
Thumbs Up RE: How to detect Malicious code in nulled or Free WordPress Themes and Plugins
Sahydian, I've been watching this wonderful thread since it 1st appeared to me in the new posts list a while back, thank you for sharing such valuable info.

I've become specifically concerned about the many reports of webshell infections.
It seems they are present in original addons from the big addon seller's sites - but noplace have I found a 'cure' showing how to locate this extra code and remove it.

Looking into reports about webshell shows that it opens backdoors into WP servers allowing exploits to happen very easily.

I've also kept track of this other thread which has several suggestions:
http://bestblackhatforum.com/Thread-GET-...E-Solution

Searching on 'webshell' here brings a startling 25 pages of results !!!
It is even present in such famous and original addons as Avada.
What do other folks here do about it ??
Mostly folks just criticize it as a FP and trash talk BKAV for making the FP.

Oddly enough, the BKAV folks started showing this was real way back in 2013, look:
Code:
http://security.bkav.com/home/-/blogs/some-webshell-hiding-techniques-and-detecting-solutions/normal
The above even includes a link to get a little tool to help detect webshell despite how it uses encryption and/or steganography.

Here are a couple of other places to find more webshell info:
Code:
https://dfarq.homeip.net/reversing-wordpress-malware/
https://blog.wpscans.com/finding-php-and-wordpress-backdoors-using-antivirus-and-indicator-of-compromise/
http://www.shelldetector.com/#home
There'e lots more to be seen - but most of it in not in english, sadly.

My suggestion for most folks is to always have a spare WP installation on free or cheap hosting using a free domain name - to have detection and protection addons installed and ready there, and to test any new addons one wishes to use on that, as sort of a sandbox.

Still, at the end of the day it would be great if someone could come forth with a way to reliably detect AND to remove webshell infections if/when they are present !!
Thanks
I totally despise board spammers and spambots !!!
find Quote
06-04-2019, 03:57 AM
Post: #32
trader11 Offline
Super Active BBHF Member
*****
Posts: 5,253
Joined: Sep 2012

Reputation: 15
RE: How to detect Malicious code in nulled or Free WordPress Themes and Plugins
Very useful information. Thanks for sharing the tips
find Quote
07-27-2019, 12:13 PM
Post: #33
rayane32 Offline
Member
***
Posts: 104
Joined: Mar 2019

Reputation: 129
RE: How to detect Malicious code in nulled or Free WordPress Themes and Plugins
Great post bro thanks Perfect 10
find Quote
07-31-2019, 03:53 AM
Post: #34
vidladdie Offline
The Black Knights
********
Posts: 6,567
Joined: Jul 2016

Reputation: 18712
RE: How to detect Malicious code in nulled or Free WordPress Themes and Plugins
(07-14-2016 06:48 AM)sahydian Wrote:  thanks for comments guys!
All I can say is
THANK YOU
A truly appreciated share
max reps left

Happydance Happydance Happydance Thanks
I can't stand a naked light bulb, any more than I can a rude remark or a vulgar action. Tennessee Williams
find Quote
New Reply
 




54.gif
Contact Us | BestBlackhatForum | Return to Top | Return to Content | Lite (Archive) Mode