Best Blackhat Forum

Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > CryptoPHP - Backdoor in Thousands of CMS Plugins and Themes
Full Version: CryptoPHP - Backdoor in Thousands of CMS Plugins and Themes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

xiaofang

11-25-2014, 04:43 AM
http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story

ALBANIAN BEAST IN BBHF

11-26-2014, 02:14 AM
(11-25-2014 04:43 AM)xiaofang Wrote: [ -> ]http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story
HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.

DrugsIsTakingOverYourMind

11-26-2014, 02:21 AM
(11-26-2014 02:14 AM)crymetyme Wrote: [ -> ]
(11-25-2014 04:43 AM)xiaofang Wrote: [ -> ]http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story
HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.
Open your eyes a bitalready topic about in VIP section if imright

basuraza

11-26-2014, 02:31 AM
I would say that at least 80% of the shared code has this backdoor, so it was your fault not using malware antivirus or run your own tests before uploading to your servers.
TAC from wordpress and Core Security Ninja
http://codecanyon.net/item/core-scanner-...ja/2927931
https://wordpress.org/plugins/tac/
https://wordpress.org/plugins/wordfence/
https://wordpress.org/plugins/sucuri-scanner/
http://wordpress.org/plugins/wp-antiviru...rotection/
http://wordpress.org/plugins/antivirus/
https://wordpress.org/plugins/gotmls/
https://wordpress.org/plugins/quttera-we...e-scanner/
https://wordpress.org/plugins/wemahu/
http://wordpress.org/plugins/exploit-scanner/

If you really need to know if it changes something into the system with no notice check:
http://wordpress.org/plugins/wp-changes-tracker/
Log checker: https://wordpress.org/plugins/wp-security-audit-log/

And do a run into your site:
http://sitecheck.sucuri.net/

For the files, just unzip into your local folder and run an Antivirus program.

If your server has been compromissed, let me know, as security sysadmin with 15y of experience I can track and isolate the thread, securizing your system from hackers.
**Only for VPS or dedicated servers over Linux. Just send me a pm.

-oo-

xiaofang

11-26-2014, 03:15 AM
Yes check always script before u use them. there is lots of newbie and leechers in the scene and they think is BIG to share others artwork decoding and nulling. Yes this is a art. and lots of hours behind all decoded and nulled script good guy share and fix.
But leecher see only one thing and take credits so lots of host are hijacked becuase they not test before.
so check all you newer know

myshare

11-26-2014, 04:37 AM
fake news, they want force you to buy things than download for free, peace

xiaofang

11-26-2014, 05:44 AM
You think smile
you can do some command line hehe and see if your host and domain is hijacked with a backdoor.
If you do a search you will find some useful command line. so is not fake news
So always check script before and maybee look after some png file

ALBANIAN BEAST IN BBHF

11-26-2014, 06:41 AM
(11-26-2014 02:21 AM)DrugsIsTakingOverYourMind Wrote: [ -> ]
(11-26-2014 02:14 AM)crymetyme Wrote: [ -> ]
(11-25-2014 04:43 AM)xiaofang Wrote: [ -> ]http://thehackernews.com/2014/11/cryptop...hemes.html
go here and read the story
HOW THE HELL CAN WE KNOW WHICH SCRIPT? UNKNOWN DETAILS and I HAVENT SEEN ANY UPDATE OR THREAD ABOUT THIS IN THE FORUM...

I HOPE ITS NOT AS BAD AS IT SEEMS... PERSONALLY I PREFER MORE EASY AND USEFUL SCRIPTS, THAN TO DOWNLOAD THEM FROM UNKNOWN SOURCES.
Open your eyes a bitalready topic about in VIP section if imright
TOO BUSY BRO FOR STAYING UPDATED IN EVERY THREAD...

inferno885

11-26-2014, 06:43 AM
this actually happens tho, this is why I never use a plugin/theme on my site that was shared on a blackhat forum.

Burak01

11-26-2014, 12:06 PM
(11-26-2014 02:31 AM)basuraza Wrote: [ -> ]I would say that at least 80% of the shared code has this backdoor, so it was your fault not using malware antivirus or run your own tests before uploading to your servers.
TAC from wordpress and Core Security Ninja
http://codecanyon.net/item/core-scanner-...ja/2927931
https://wordpress.org/plugins/tac/
https://wordpress.org/plugins/wordfence/
https://wordpress.org/plugins/sucuri-scanner/
http://wordpress.org/plugins/wp-antiviru...rotection/
http://wordpress.org/plugins/antivirus/
https://wordpress.org/plugins/gotmls/
https://wordpress.org/plugins/quttera-we...e-scanner/
https://wordpress.org/plugins/wemahu/
http://wordpress.org/plugins/exploit-scanner/

If you really need to know if it changes something into the system with no notice check:
http://wordpress.org/plugins/wp-changes-tracker/
Log checker: https://wordpress.org/plugins/wp-security-audit-log/

And do a run into your site:
http://sitecheck.sucuri.net/

For the files, just unzip into your local folder and run an Antivirus program.

If your server has been compromissed, let me know, as security sysadmin with 15y of experience I can track and isolate the thread, securizing your system from hackers.
**Only for VPS or dedicated servers over Linux. Just send me a pm.

-oo-
Thanks for your post, it is very useful , is there any good security check list for linux Vps which you can share ? It would be very helpful Smile
Pages: 1 2
Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > CryptoPHP - Backdoor in Thousands of CMS Plugins and Themes
Reference URL's