Scanning Database for malicious Data

I’ve read that dumping the database as text and searching in it is a good way to go. You can search with phpmyadmin, but it’s limited. Depends on the size of the database and a good text editor, but you can delete post/page revisions before dumping the database to bring it down in size. Or … Read more

Tips for finding SPAM links injected into the_content

I won’t repeat any of the good advice in Squish’s answer. You should also read this article on WordPress security. I’m just going to cover the specifics of what I learned from my episode. My attack is a kind of black hat SEO known as “hideMeYa”: http://siteolytics.com/black-hat-seo-technique-demystified/ Basically, the attacker slips a bunch of hidden … Read more

WordPress site hacked. Has .htaccess been hacked?

About Hacked sites: First of all, let’s be clear about issues related to hacking: If your site was genuinely hacked, then in short of completely erasing all the files and then reinstalling the server (not just WordPress) with new passwords, updating all files and identifying and removing previous loop holes that caused the site to … Read more

If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?

< and > are encoded as +ADw- and +AD4- in UTF-7. Now imagine the following: Someone sends +ADw-script+AD4-alert(+ACI-Hello+ACI-)+ADw-/script+AD4- as comment text. It will pass all sanitation unescaped. The database expects and treats all incoming data as UTF-8. Since all UTF-7 streams are valid UTF-8 too, this will never result in a SQL error, and mysql_real_escape … Read more

Verifying that I have fully removed a WordPress hack?

Have you identified the exploit vector? If not, you may be leaving yourself open to future exploit. Other things to consider: Change WordPress admin user passwords – done Change Hosting account user password Change FTP passwords Change MySQL db user password – done Change the db table prefix Update your wp-config nonces/salt Check your directory/file … Read more