init.php ??? A Backdoor Files ????

  • Brian mike
    #Alberta51
    • Oct 2014
    • 8735

    #1


    Filename: wp-content/themes/init.php

    File Type: Not a core, theme, or plugin file from wordpress.org.

    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: de($x)));');$b374k("H4sIAAAAAAACA+z9eZ+jyLEwCv/vT1GuZ+6p7kNPg0ALTLvHB0ksEhJCgCTA9u0fO4hVbAJsf/cLaCmpqnoZj895n/c+d/xzF8olMjIyIjIiMzLzT3+OnfjhJ2qxGuML4S9PQWTkvvkli774 kWo8/e3h84OaJGr17tEsYz9KzOTxw8NjZiaB....

    The infection type is: A backdoor known as 18aaaa.

    Should I push delete on this file? Got a notice from Wordfence, but sometimes those don't mean much.

    Serious question here.

    Thanks
  • bns666
    Confirmed Fetishist
    • Mar 2005
    • 11554

    #2
    I would reinstall the whole site; who knows which WP files that init.php modified.

    • 8pt-buck
      So Fucking Banned
      • Aug 2013
      • 4011

      #3
      Read this thread on 18aaaa ( Post #5 & 6 )

      https://www.cloudlinux.com/forum/imu...rantined-files


      • Brian mike
        #Alberta51
        • Oct 2014
        • 8735

        #4
        Originally posted by bns666
        I would reinstall the whole site; who knows which WP files that init.php modified.
        That's exactly what Sly told me yesterday.
        Sucks, I was getting good SE traffic with that site running WP-Script.
        Starting fresh is not so tempting.

        Originally posted by 8pt-buck
        Read this thread on 18aaaa ( Post #5 & 6 )

        https://www.cloudlinux.com/forum/imu...rantined-files
        Don't know if it's because I'm still half asleep, but I can't find #6 lol, unless I need to create an account to see restricted posts?
        I only saw 5 post replies.

        Thanks for your replies.

        • just a punk
          So fuckin' bored
          • Jun 2003
          • 32393

          #5
          Originally posted by bns666
          I would reinstall the whole site; who knows which WP files that init.php modified.
          That won't help. There is a breach somewhere. It can be a backdoor (99% of so-called nulled plugins and themes for WordPress have it). Or it can be a problem with the server itself. E.g. Ubuntu OS - the system that can be hacked in a minute by even a monkey.

          • Bladewire
            StraightBro
            • Aug 2003
            • 56228

            #6
            ↑↑↑ Truth

            So many WordPress themes & plugins are not secure.



            • Brian mike
              #Alberta51
              • Oct 2014
              • 8735

              #7
              They have injected Mining Code to the site.

              <div style="position:absolute;left:-4865px;top:-3595px;">
              <a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
              </div>
              <div style="position:absolute; left:-5477px;top:-1560px;">
              <a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
              <a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
              <a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
              <a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
              </div>

              <div style="position:absolute;left:-4865px;top:-3595px;">
              <a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
              </div>
              <div style="position:absolute; left:-5477px;top:-1560px;">
              <a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
              <a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
              <a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
              <a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

              But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

              SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

              IS over a week i got a bad feeling about it. WEIRDDDDDDDD

              • Sly
                Let's do some business!
                • Sep 2004
                • 31376

                #8
                Originally posted by Brian mike
                They have injected Mining Code to the site.
                But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

                SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

                IS over a week i got a bad feeling about it.
                I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.

                There is a very common practice of "build and forget" in the affiliate marketing industry. Unfortunately with WordPress this is a disaster waiting to happen because there are so many vulnerabilities. The best way to prevent mass disaster is creating a proper environment as mentioned above and updating religiously. Even this does not guarantee victory.

                As the old saying goes "it is what it is." Take the best precautions you can, do the best maintenance you can and accept that things may/can go wrong.

                By the way, you can rebuild your site without losing the search engine traffic that you spoke of. We have done it for literally hundreds of sites. Rebuilding the site does not mean total failure. It simply means some good ol' elbow grease. ;-)

                • magneto664
                  God Bless You
                  • Aug 2014
                  • 1470

                  #9
                  Are you using a free theme or a nulled plugin?

                  • Brian mike
                    #Alberta51
                    • Oct 2014
                    • 8735

                    #10
                    Originally posted by Sly
                    I wouldn't focus blame on any one theme or plug-in, this is a "nature of the beast" scenario with WordPress. This is why it's crucial to have any WordPress installations set up in an environment where any malicious injections will not impact other sites. It's also crucial to make sure WordPress, themes and plug-ins are updated at all times.
                    You're right, I guess, so no more WordPress for me; will switch my 2 WP-Script sites left to KVS.
                    So no dev to blame about it.

                    • Brian mike
                      #Alberta51
                      • Oct 2014
                      • 8735

                      #11
                      Originally posted by magneto664
                      Are you using a free theme or a nulled plugin?
                      WP-Script WEAK free theme, 2 weeks in the last month (not changed by me BTW); it's like some magic shit going on with French Sebastien LMAO
                      Nulled plugins are removed when Wordfence gives a warning about them or a plugin lets me down.
                      I only use plugins from the repository if I have to.

                      • magneto664
                        God Bless You
                        • Aug 2014
                        • 1470

                        #12
                        Originally posted by Brian mike
                        Nulled plugins are removed when Wordfence gives a warning about them or a plugin lets me down.
                        I only use plugins from the repository if I have to.
                        It could just as well have been installed a year ago as a month ago. What remains is to scan all files and the database. It is worth pulling the files from the server (the WordPress main files) and the files from the original WordPress and comparing them to see whether they have been changed! Remember the wp-config file.
                        Shit work for a few hours.
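The comparison suggested in post #12, sketched as an added example that is not code from any poster in this thread. It assumes you have unpacked a clean reference copy containing the same versions of WordPress core, themes and plugins as the live site; the function names and report categories are this example's own.

```python
import hashlib
import sys
from pathlib import Path

SITE_SPECIFIC = {"wp-config.php"}      # differs per site by design: read it by hand
UPLOADS = "wp-content/uploads/"        # user media lives here, so only code is flagged
CODE_SUFFIXES = (".php", ".phtml", ".phar")

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root):
    """Map each file's path relative to root onto its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare_install(live_root, clean_root):
    """Compare a live WordPress tree with a clean copy of the same versions."""
    live, clean = index_tree(live_root), index_tree(clean_root)
    report = {"modified": [], "unknown": [], "review": []}
    for rel, digest in sorted(live.items()):
        if rel in SITE_SPECIFIC:
            report["review"].append(rel)
        elif rel in clean:
            if clean[rel] != digest:
                report["modified"].append(rel)
        elif rel.startswith(UPLOADS) and not rel.lower().endswith(CODE_SUFFIXES):
            continue                    # ordinary media upload
        else:
            report["unknown"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

if __name__ == "__main__":
    # Usage: python compare_wp.py /path/to/live/site /path/to/clean/reference
    result = compare_install(sys.argv[1], sys.argv[2])
    for kind, paths in result.items():
        for rel in paths:
            print(f"{kind:9} {rel}")
```

A file such as `wp-content/themes/init.php` from post #1 lands in `unknown` because no clean package ships it; `modified` lists shipped files whose contents have changed. The database still has to be checked separately, since this only covers files.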

                        • Bladewire
                          StraightBro
                          • Aug 2003
                          • 56228

                          #13
                          Originally posted by Brian mike
                          They have injected Mining Code to the site.

                          <div style="position:absolute;left:-4865px;top:-3595px;">
                          <a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
                          </div>
                          <div style="position:absolute; left:-5477px;top:-1560px;">
                          <a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
                          <a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
                          <a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
                          <a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>
                          </div>

                          <div style="position:absolute;left:-4865px;top:-3595px;">
                          <a href="http://grainesdesol.fr/index.php?gnregr=lenovo-miix-2-8-factory-reset">grainesdesol.fr</a>
                          </div>
                          <div style="position:absolute; left:-5477px;top:-1560px;">
                          <a href="http://market4.ir/index.php?hnhjkl=can-you-make-money-selling-bitcoins">market4.ir</a>
                          <a href="http://market4.ir/index.php?hnhjkl=cara-mining-bitcoin-di-android">earn on android</a> earn bitcoin on android 2017
                          <a href="http://market4.ir/index.php?hnhjkl=is-it-good-idea-to-invest-in-bitcoin">here</a>
                          <a href="http://market4.ir/index.php?hnhjkl=bitcoin-conversion-calc">http://market4.ir</a>

                          But but but This happened While the Server WP-script was down 2x during the month for roughly a week each time. Weird Weird Weird

                          SO i wonder IF that WP-Script Server issue Could have made my site become WEAK by using his WEAK FREE Theme while license server down...

                          IS over a week i got a bad feeling about it. WEIRDDDDDDDD
                          I wonder if all sites using that script were injected while it was down.

                          Is there encrypted code in that script? If so, it's likely that's your backdoor.

                          This is why I never have any scripts that have encrypted code, because you never know what the owner's going to do with it and if there's a back door, which there usually is because it needs to connect with the server and verify info to work.



                          • Sly
                            Let's do some business!
                            • Sep 2004
                            • 31376

                            #14
                            Originally posted by magneto664
                            It could just as well have been installed a year ago as a month ago. What remains is to scan all files and the database. It is worth pulling the files from the server (the WordPress main files) and the files from the original WordPress and comparing them to see whether they have been changed! Remember the wp-config file.
                            Shit work for a few hours.
                            This is very true.

                            These exploits can remain dormant for months, even years. Then a particular event triggers them into action and boom.

                            • Brian mike
                              #Alberta51
                              • Oct 2014
                              • 8735

                              #15
                              I know if I were a client of VACARES/SLY they would have taken over and fixed all this for me already.

                              But unfortunately for me I'm with King-Servers.com and will see what I can get done from them today or tomorrow.
                              They're usually very good to me, so will see what's up this weekend hopefully.

                              Shitty weekend ahead