Exploit Scanning With Shell

  • smutnut
    So Fucking Banned
    • Jul 2007
    • 5889

    #1

    Exploit Scanning With Shell

    Good Sunday Morning to you.

    I have two domains that have exploits on them. At least Google is telling me this. One I had for a while and one I just moved hosting to this server and now Google sees it.

    It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?

    Also, (also I think this is important) shell and exploit scanner will crash if I do this from main root(s). At least this is happening now with exploit scanner plug in, and I think this happened before if I remember correctly when I used shell to search. Forget how to do it now so...

    Also what is the shell input again to do this search LOL?

    Also (or extra note). I just somehow removed most malware from all the subdomains for the site I just moved (about six), or at least Google thinks I did. Does this mean anything? (I deleted lots of plug ins and templates.)

    Thanks in advance.

    This has been my weekend. How has yours been LOL?
  • BradBreakfast
    Confirmed User
    • Feb 2008
    • 415

    #2
    You probably are running an old out of date script that is exploitable. I offer secure Wordpress hosting that's reasonable. brad(at)boysforbreakfast(dot)com
    Last edited by BradBreakfast; 05-20-2012, 04:12 AM.
    GetClicky - The World's Most Advanced Real Time Ajax-based Analytics


    • ladida
      Confirmed User
      • Nov 2005
      • 2179

      #3
      Originally posted by smutnut
      It's referencing a certain domain that placed malware. Does this mean I should be able to find that url somewhere on my pages if I search my html through shell?
      That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.
      agentGFY *at* gmail.com


      • Oracle Porn
        Affiliate
        • Oct 2002
        • 24433

        #4
        Originally posted by ladida
        That domain it's referencing is stealing your traffic. You won't find it in cleartext like you think because that would be too easy. It's most likely obfuscated in javascript or hex or some other crap like that they like to use. Get someone to clean it for you if host can't.
        what if your host can't and doesn't give root access to someone who can?



        • raymor
          Confirmed User
          • Oct 2002
          • 3745

          #5
          root access is probably not required. SSH access would be extremely useful, though. If the host can't or won't take care of it and won't let anyone else take care of it, then the host is your primary problem at that point. You'd have to replace the host if, after appropriate discussion, they continue to refuse to allow the problem to be addressed.

          We've built some tools to help find problems like this. We also have good relationships with many hosting companies. Based on the reputation we've built over many years, they are sometimes comfortable granting us access that they wouldn't grant to just any random person. After all, if they are tuning Apache they're ALREADY trusting our code.
          For historical display only. This information is not current:
          support@bettercgi.com ICQ 7208627
          Strongbox - The next generation in site security
          Throttlebox - The next generation in bandwidth control
          Clonebox - Backup and disaster recovery on steroids


          • Best-In-BC
            Confirmed User
            • Jun 2002
            • 9511

            #6
            Originally posted by Oracle Porn
            what if your host can't and doesn't give root access to someone who can?
            You move hosts ASAP!
            Vacares - Web Hosting, Domains, O365, Security & More
            Unparked domains burning a hole in your pocket? 5 Simple Ways to Make Easy $$$ from Unused Domains


            • funnybone
              Confirmed User
              • Apr 2006
              • 422

              #7
              I had a similar hack on a site running vBulletin 3 with a sneaky js redirect insert.

              This is the shell script I used

              Code:
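              # Strip injected eval(base64_decode(...)); calls from every .php file below the current directory.
              # find -exec passes file names straight to sed, so paths containing spaces are handled.
              # -i rewrites files in place; keep a backup copy before running.
              find . -type f -name '*.php' -exec sed -i -r 's#eval\(base64_decode\([^)]+\)\);##g' {} +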
              Only good if the code inserted starts with eval(base64_decode(.
              That's just a temporary fix, though.

              Comment
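A report-only companion to the cleanup one-liner in post #7, added here as an example and not part of any poster's message: it lists files carrying the `eval(base64_decode(` marker or a long run of `\xNN` hex escapes, then decodes the base64 payloads to check whether the domain Google reports is hidden inside them. The function names and the domain `bad.example` are hypothetical, and GNU `find`, `xargs`, `grep`, `sed` and `base64` are assumed.

```shell
#!/bin/sh
# Added example: read-only scan, it never modifies a file.

# List files under $1 that contain common injection markers:
#   - eval(base64_decode(   (what the sed one-liner in post #7 strips)
#   - a run of 8 or more \xNN hex escapes (hex-obfuscated strings)
scan_markers() {
  find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) -print0 |
    xargs -0 -r grep -lE 'eval\(base64_decode\(|(\\x[0-9a-fA-F]{2}){8,}' | sort
}

# Print the cleartext of every eval(base64_decode('...')) payload in file $1.
decode_payloads() {
  grep -oE "eval\(base64_decode\(['\"][A-Za-z0-9+/=]+['\"]\)" "$1" |
    sed -E "s/^eval\(base64_decode\(['\"]//; s/['\"]\)\$//" |
    while IFS= read -r b64; do
      printf '%s' "$b64" | base64 -d 2>/dev/null
      echo
    done
}

# Print flagged files under $1 whose decoded payloads mention domain $2.
find_hidden_domain() {
  scan_markers "$1" | while IFS= read -r f; do
    if decode_payloads "$f" | grep -qF -- "$2"; then
      echo "$f"
    fi
  done
}

# Usage: sh scan.sh /path/to/docroot bad.example
if [ "$#" -eq 2 ]; then
  find_hidden_domain "$1" "$2"
fi
```

Point it at one site's document root rather than the whole filesystem, and treat every file `scan_markers` lists as suspect even when the domain check comes back empty.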

              • papill0n
                Unregistered Abuser
                • Oct 2007
                • 15547

                #8
                Always keep WordPress updated


                • garce
                  Confirmed User
                  • Oct 2001
                  • 7103

                  #9
                  Originally posted by papill0n
                  Always keep WordPress updated
                  That'll help. Rofl.
