12-18-2018, 01:11 PM
Sahydian, I've been watching this wonderful thread since it 1st appeared to me in the new posts list a while back, thank you for sharing such valuable info.
I've become specifically concerned about the many reports of webshell infections.
It seems they are present in original addons from the big addon seller's sites - but noplace have I found a 'cure' showing how to locate this extra code and remove it.
Looking into reports about webshell shows that it opens backdoors into WP servers allowing exploits to happen very easily.
I've also kept track of this other thread which has several suggestions:
http://bestblackhatforum.com/Thread-GET-...E-Solution
Searching on 'webshell' here brings a startling 25 pages of results !!!
It is even present in such famous and original addons as Avada.
What do other folks here do about it ??
Mostly folks just criticize it as a FP and trash talk BKAV for making the FP.
Oddly enough, the BKAV folks started showing this was real way back in 2013, look:
Code:
http://security.bkav.com/home/-/blogs/some-webshell-hiding-techniques-and-detecting-solutions/normal
The above even includes a link to get a little tool to help detect webshell despite how it uses encryption and/or steganography.
Here are a couple of other places to find more webshell info:
Code:
https://dfarq.homeip.net/reversing-wordpress-malware/
https://blog.wpscans.com/finding-php-and-wordpress-backdoors-using-antivirus-and-indicator-of-compromise/
http://www.shelldetector.com/#home
There's lots more to be seen - but most of it is not in English, sadly.
My suggestion for most folks is to always have a spare WP installation on free or cheap hosting using a free domain name - to have detection and protection addons installed and ready there, and to test any new addons one wishes to use on that, as sort of a sandbox.
Still, at the end of the day it would be great if someone could come forth with a way to reliably detect AND to remove webshell infections if/when they are present !!
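A heuristic pre-install check that fits the sandbox suggestion in the post above, added here as an example; it is not the poster's code and not taken from any of the linked tools. The rule set, the extension lists and the 400-character threshold are assumptions, and the sample files are constructed and inert.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic rules: a hit means "read this file", not "this file is malware".
PHP_RULES = {
    "exec-of-decoded-data": re.compile(
        r"\b(?:eval|assert|create_function)\s*\(\s*(?:@?\s*\w+\s*\(\s*)*"
        r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "exec-of-request-input": re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec|exec)\s*\(\s*@?\s*"
        r"\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{400,}['\"]"),
}
PHP_TAG = re.compile(rb"<\?php", re.I)
PHP_EXT = {".php", ".phtml", ".inc"}
NON_PHP_EXT = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".svg", ".txt"}

def match_rules(text):
    """Return the sorted names of the PHP rules that match this source text."""
    return sorted(name for name, rx in PHP_RULES.items() if rx.search(text))

def scan_addon(root):
    """Return sorted (relative_path, rule) pairs for an unpacked addon directory."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ext = path.suffix.lower()
        rel = path.relative_to(root).as_posix()
        if ext in PHP_EXT:
            findings += [(rel, r) for r in match_rules(data.decode("utf-8", "replace"))]
        elif ext in NON_PHP_EXT and PHP_TAG.search(data):
            # PHP code inside an image or text file is one way a shell is hidden.
            findings.append((rel, "php-in-non-php-file"))
    return sorted(findings)

def demo():
    """Scan a constructed sample addon (inert test files, not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugin.php").write_text("<?php\nadd_action('init', 'my_init');\n")
        (root / "cache.php").write_text("<?php eval(gzinflate(base64_decode('PLACEHOLDER')));")
        (root / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>")
        return scan_addon(root)

if __name__ == "__main__":
    print(demo())
```

A hit is a reason to read the file by hand, not proof of infection, and a clean scan does not prove the addon is safe.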