57.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

05-10-2015, 11:54 AM
Post: #1
Backdoor in Backupbuddy 601
I found a backdoor script on backupbuddy 601 from wplocker, it ads the following code that you will only find when you use importbuddy, you can find the malware code at the end of the file importbuddy/pluginbuddy/_pluginbuddy.php. starting at line 1720.

If anyone used this version of importbuddy to restore/migrate a site check your db for strange users.

Never trust virustotal when using php scripts, it is impossible to keep track of so many php malware, your best bet is to unzip the script, load sublime text edit and do a file search for red flag words. some of the ones i use:

eval
exec
enqueue_script
system
base64
_decode
jquery
nilog
jqeury

and several others...
05-10-2015, 12:19 PM
Post: #2
RE: Backdoor in Backupbuddy 601
If anyone need a clean importbuddy.php you can get it from the link bellow

get clean file here
05-10-2015, 12:23 PM
Post: #3
RE: Backdoor in Backupbuddy 601
thanks fro the info
PBN hosting 3$ / Month

Disk space (MB) 1.000 - Monthly Bandwidth (MB) 1.000 - 1 Parked Domain - 2 Sub Domains
5 Email Accounts - LiteSpeed SSD Raid 10 - 99.99% Uptime
05-10-2015, 12:39 PM
Post: #4
RE: Backdoor in Backupbuddy 601
Link broke... :(
05-10-2015, 12:54 PM
Post: #5
RE: Backdoor in Backupbuddy 601
Sorry, new link for clean file importbuddy.php to see the password to import a bakcup open the php file it is in a comment by the base 64 coded password.
24.gif
05-10-2015, 03:46 PM
Post: #6
RE: Backdoor in Backupbuddy 601
Thanks Xantor for your info, but why you have "0" repp after you join mar 2014? *just asking :)
05-10-2015, 04:14 PM
Post: #7
RE: Backdoor in Backupbuddy 601
@Xantor, I gave 1 rep for your effort.
05-10-2015, 06:53 PM
Post: #8
RE: Backdoor in Backupbuddy 601
+5 thank you for helping all
05-11-2015, 11:39 AM (This post was last modified: 05-11-2015 11:50 AM by wprocker.)
Post: #9
RE: Backdoor in Backupbuddy 601
Sheeeeeeeeeeeeeet!!

+5 thank you all for helping, I was about to install on my site?!!!!

Have a good one
WP Rocks DaHouze
05-11-2015, 11:47 AM
Post: #10
RE: Backdoor in Backupbuddy 601
Nice effort! Reps+
31.gif




6.gif