60.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

11-15-2016, 06:45 AM
Post: #21
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
Thanks for the great tip. Can never know too much about this subject/hacking.
Thanks for sharing your experience and saving others from going down that road.

BATMAN
11-15-2016, 06:49 AM
Post: #22
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
(11-15-2016 06:10 AM)Gadzookz Wrote:  Adding this to your htaccess file can defend against alot of nastiness:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(and#x22;|and#x27;|and#x3C;|and#x3E;|and#x5C;|and#x7B;|and#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>

Thanks for decoding with an explanation and for the htaccess additions! :)
11-15-2016, 05:11 PM
Post: #23
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
(11-15-2016 06:49 AM)jendaceo Wrote:  
(11-15-2016 06:10 AM)Gadzookz Wrote:  Adding this to your htaccess file can defend against alot of nastiness:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(and#x22;|and#x27;|and#x3C;|and#x3E;|and#x5C;|and#x7B;|and#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>

Thanks for decoding with an explanation and for the htaccess additions! :)

no problem.
11-15-2016, 08:18 PM
Post: #24
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
Thanks reps added for the great information.
11-15-2016, 09:36 PM
Post: #25
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
Thanks for this piece... But after scanning virus total I only get results showing some files are infected... How do I know the exact file... It doesn't say... Virus total just display malicious site
57.gif
11-16-2016, 01:09 AM
Post: #26
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
(11-15-2016 05:11 PM)Gadzookz Wrote:  
(11-15-2016 06:49 AM)jendaceo Wrote:  
(11-15-2016 06:10 AM)Gadzookz Wrote:  Adding this to your htaccess file can defend against alot of nastiness:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(and#x22;|and#x27;|and#x3C;|and#x3E;|and#x5C;|and#x7B;|and#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>

Thanks for decoding with an explanation and for the htaccess additions! :)

no problem.
Thanks for helping the community. Max Reps Added Perfect 10
11-16-2016, 03:51 AM
Post: #27
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
(11-15-2016 09:36 PM)donfunds Wrote:  Thanks for this piece... But after scanning virus total I only get results showing some files are infected... How do I know the exact file... It doesn't say... Virus total just display malicious site

Upload theme to themecheck ,it will say exactly where to fix!
11-16-2016, 04:57 AM
Post: #28
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
This is an excellent thread and members here should always be aware of possible problems with downloads. Thanks and reps to the OP!
Cheers,
NoJob
This is a message to all those who don't understand, "Sharing is Caring". If you aren't working to make this a better place (ie having a REP of at least 100) don't ask me for help. Everyone has something on their hard drive they can share. Everyone has the time to offer a review or create a mirror! Thanks
11-16-2016, 05:03 AM (This post was last modified: 11-16-2016 05:06 AM by berlinerin.)
Post: #29
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
Question please:
is an Html-Side securer than wp?

Are there any wp-plugins for real security?
So... tell me.. what can I do?

Without coding
____________________________________________________________
✨⭐⭐️️Heart⭐⭐️️✨
____________________________________________________________

✨ OPEN A NEW ETSY SHOP WITH THIS FREE 40 LISTINGS
FOR 4 MONTH! https://etsy.me/3MVv7ZI
11-16-2016, 05:08 AM
Post: #30
RE: [WARNING] Virus Infected Themes / Plugins From Popular "Nulled" Websites
(11-16-2016 05:03 AM)berlinerin Wrote:  Question please:
is an Html-Side securer than wp?

Are there any wp-plugins for real security?
So... tell me.. what can I do?

Without coding

Yes, HTML site secure than wp

Wordfence is a good plugin to safeguard your site but my advise is don't download themes from unknown members.. There are some reputed members who run GB which absolutely cost nothing so join them
55.gif




68.gif