removing wordpress malware infecting js files.

A recent WordPress malware is targeting WordPress websites by injecting a piece of malicious code into every single JavaScript files (mostly libraries specially Jquery) which acts maliciously by redirecting the visitors to advertising affiliate sites.

Example injected code:

Well I came to know about this when a client approached me to clean his hacked website. after looking for this pattern within the files on his WordPress directory I came to find that over 600 Javascript files were injected with the code above.

I have gotten the above result by doing a grep in the public_html folder. following command was used to do a recursive grep looking for matching malicious variable name:

looking at the above commands result I found a file named db.php was uploaded to one of the plugins folder which a simple get request to that php file would case of that mass injection to all javascript files.

now lets get rid of the bad stuff in all files by using sed in combination of grep command as below:

This will remove the pattern from each single file that contains it.

 

Incoming search terms:

  • https://hazaveh net/2017/02/removing-wordpress-malware-infecting-js-files/
  • https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1835 CiGfGuU2ao40SDvubJnd7_lcxMapruAOWD5LCQYPHAV7Uc7AV5I4ZenAYXrIXHjv d0dfbc0346dbc9792fe15682ba7fe380cdb66c6a&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme
  • var _0xaae8=[ \x6A\x6F\x69\x6E \x72\x65\x76\x65\x72\x73\x65 \x73\x70\x6C\x69\x74
  • \x34\x32\x2E
  • _0xaae8 database

Exclude Folder from Rewrite rule in WordPress

It’s annoying that you cannot create folders in your wordpress website and access them directly,  it’s very easy to exlude your folders by editing the .htaccess file.

simply use following line of code in your .htaccess and exclude your desired folder:

 

Incoming search terms:

  • https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1821 PyDCF8BPfGEkw06MMNuFEeQy0kbbDPxWTEuPOjkn1k7aeFrIY4j1d18wJ7EqWiwO 7e581965cd88eca0c73fdcb21c7975ad772153e0&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme

How to change WordPress site URL from Database

Hello everyone. Before anything I would like to show my respect to all those people who has lost their life in the typhoon in East Asia. Today I’m going to show how to change the WordPress site URL through the database. Well it might comes handy in case you have mistakenly changed your website url in the WordPress settings and you cannot access the admin panel anymore. It also is one of the steps that should be taken while moving a WordPress website from one server to another. Well first of all you have to access the Database of your WordPress. Assuming you are using MySQL and PHPMYADMIN. So I’ve opened my database through PHPMyAdmin, as you can see below:

Continue reading How to change WordPress site URL from Database

Incoming search terms:

  • url in database