Best Blackhat Forum

Full Version: List of Plugins Infected: BE AWARE!
Pro-theme just wants to post the file. I don't think they care about rep. I myself have requested they give more attention to their posts, like using another file server, but just got a negative response.
(09-25-2014 10:55 AM)BRZ Wrote: [ -> ]If you found something infected or suspect, promptly report it as malicious with the following message and hitting the report button:
This nonsense has uploaded an infected item, and the OP should be permanently banned!
We are sharing our findings on these threads below, compiling a list of Members uploading infected items, as well as the URLs.
Do not download it!
And please, help us on it here:


For Plug-ins:
http://bestblackhatforum.com/Thread-List...d-BE-AWARE

For Themes:
http://bestblackhatforum.com/Thread-List...d-BE-AWARE


Thanks,
I appreciate what you are doing and agree with you, with one very important exception!

Advising members to hit the REPORT button will only send the complaint into a CYBER BLACKHOLE. If you want to get the MODS' attention, send a PM directly to them! The REPORT area is so overloaded with so many posts to it that it is not even looked at.

This is not my opinion, but rather told to me via PM by one of the MODS (NonConformer) and he further states that if you want to let them know about a problem, the REPORT button is the last place you want to visit.

The MODS to contact via PM are as follows:
NonConformer
DirectDownload
Lala.

This is absolutely your best option to draw attention and quicker action to your issue...

I think this should teach us all a lesson...

A lot of newbies get into nulled/DOWNLOAD forums trying to get some scripts for free, without even the minimum knowledge required to scan those scripts. Nulled scripts aren't just a "go build a money making website for free in a few minutes", it's more of a "learn how they are done, test drive them, see if they meet your needs, but if you're planning on doing some serious development or creating a good website, go ahead and BUY them".

I've seen users here that don't even know the difference between an encoded script and an obfuscated script!

Nulled scripts aren't for everyone's use. I've shared some scripts and you can bet they're 100% clean, since I make my living from my day to day work, so I don't need to get some affiliate cents by placing malicious codes. I also have root access to over 400 servers, so there's no use for me to hack a simple webhosting account.

However, when I download a script, I first run some checks looking for fsockopen, curl, fopen, fread, etc. calls just to make sure that it has no callbacks either to the script's author or to another website (for instance, the nulled WHMCS released by sogomoo/mtimer has a callback to his server; if his server is taken offline, those WHMCS installs will stop working).

Then I search for eval, gzip, base64 calls to ensure that there's no "hidden" code within the readable code.

If everything goes OK, then I proceed to see if I use that script to test drive it or if I go ahead and start creating a product of my own based on that script.

However if you're just a "leech and install" user, then it's only fair to say that you deserve to have your website hijacked/hacked.

Just my 2c.
(09-25-2014 12:02 PM)omg Wrote: [ -> ]this is the same as this thread here


http://bestblackhatforum.com/Thread-List...d-BE-AWARE
Forum users need to be reminded of infected shares by nefarious "members".
(09-25-2014 11:54 AM)BRZ Wrote: [ -> ]Let's report and get these low life guys banned from here...
I have four other infected items from Flagged as VIRUS SPAM SITE (Do NOT CLICK!!!)-vip that were downloaded before, but I didn't check them, and also didn't use them.
I just saw them on my computer. So they are massively spreading their code, I think.
There are other people as well, but I'll study them carefully prior to publicly blaming them for spreading malicious code.

Why are these pigs still here?
Black hat doesn't mean exactly: screw everyone at all costs.

Many people share good and safe stuff, and that's the way it should be, right? :)

---
Another tip is:
Also bear in mind to search for images that are mostly called social.png
It is not an image, but a script shared by some people to screw you as well. Remember, the name really does not matter: keep an eye on the image itself!
To find scripts masquerading as images, simply browse the pictures in Windows Explorer or whatever, previewing them in any way you prefer. If an image shows nothing, try opening it with a text processor, and you will probably see a script, as it may not be an image.

It can also be thumb.png, and these files will be called by a one-line piece of code at the end/top of some of the included .php files.

The path most of the time is

img/thumb.png
or
images/thumb.png

however... this is a world of fuckheads.... hope the got head up by *IS*
I decided a long time ago not to believe anybody's VirusTotal. I run it through virustotal.com and then run it through Malwarebytes, SUPERAntiSpyware
and Bitdefender. I then have my wife talk to it and if it can survive that, it's clean, providing it didn't commit suicide.
ban that dumbass...
everybody.. hit the report button to ban Flagged as VIRUS SPAM SITE (Do NOT CLICK!!!)-vip
No, the report button is not effective enough. If you find a file with a virus, PM a mod with the link and info.
(09-27-2014 03:56 AM)BigLeech Wrote: [ -> ]No, the report button is not effective enough. If you find a file with a virus, PM a mod with the link and info.
Part of the problem, and why it is difficult to catch them, is that half the time, the original files seem innocent enough, but they then download some file, either l.php or hatty.php, or googledrive.html (and these are just the ones I have picked up), via curl.

After that, all hell breaks loose.

Compounding the problem is that sometimes the hacks don't even 'infect' your normal WP site. So most of the time, plugins like TAC, or indeed the security plugins that test the integrity of core files don't pick them up. These guys have moved on from inserting links into your pages ... that's quite easy to spot by inspecting the HTML source.

The googledrive.html page for example, combined with the l.php were a phishing page and mailer. I might still have a copy around somewhere and I'll share them here. So while your WP site might seem fine, your hosting/server is being used to send out phishing emails, and sometimes actually host phishing pages.

My take is that unless you are sharing original files that you have downloaded, you probably should not be sharing. And if you do, you should point this out to fellow members of BBHF, and then allow them to take an informed risk.
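
The checks described in this thread (searching PHP files for callback and hidden-code calls, and spotting scripts disguised as images such as social.png or thumb.png), written out as an added example that is not part of any forum post. The mapping of "curl", "gzip" and "base64" to specific PHP function names, the finding labels and the harmless sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Calls named in the thread, mapped to PHP function names (the mapping is an assumption).
CALLBACK = re.compile(rb"\b(fsockopen|curl_\w+|fopen|fread)\s*\(", re.I)
HIDDEN = re.compile(rb"\b(eval|base64_decode|gzinflate|gzuncompress|gzdecode)\s*\(", re.I)
# A PHP include/require statement that points at an image path.
IMG_INCLUDE = re.compile(rb"\b(?:include|require)(?:_once)?\b[^;\n]*\.(?:png|jpe?g|gif)\b", re.I)
MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
PHP_EXT = {".php", ".phtml", ".inc"}

def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for every file under root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        data, ext = path.read_bytes(), path.suffix.lower()
        rel = path.relative_to(root).as_posix()
        if ext in MAGIC:
            # The file name does not matter: check what the file actually contains.
            if not data.startswith(MAGIC[ext]):
                findings.append((rel, "image extension, wrong magic bytes"))
            if b"<?php" in data.lower():
                findings.append((rel, "PHP open tag inside image file"))
        elif ext in PHP_EXT:
            for label, rx in (("callback", CALLBACK), ("hidden code", HIDDEN)):
                for name in {m.group(1).lower().decode() for m in rx.finditer(data)}:
                    findings.append((rel, f"{label}: {name}"))
            if IMG_INCLUDE.search(data):
                findings.append((rel, "includes an image path as code"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed, harmless plugin tree to exercise scan_tree."""
    files = {
        "main.php": b"<?php function hello() { return 'hi'; }\n",
        "lib/update.php": b"<?php $c = curl_init('http://example.invalid/'); curl_exec($c);\n",
        "lib/loader.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));\n",  # decodes to: echo 1;
        "footer.php": b"<?php include 'images/thumb.png';\n",
        "images/thumb.png": b"<?php /* constructed placeholder, no payload */ ?>\n",
        "images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_tree(tmp), sep="\n")
```

A hit is a prompt for manual review rather than proof of infection, since legitimate plugins also call fopen or curl; a clean result likewise says nothing about files fetched after installation.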