Danger behind using older PHP versions?

PHP (PHP: Hypertext Preprocessor) is a commonly used programming language for creating websites. Over 78% of all websites use PHP, i.e. 8 out of 10 websites are PHP websites. WordPress, Joomla, Drupal, and many other CMSs use PHP as their programming language. The latest PHP version 7.4.9 was released on “06 Aug … Read more

Extending ClamAV Signatures with RFXN Database for PHP Malware

You can use third-party compiled malware and virus signature databases to extend the ClamAV signature database collection for better detection of PHP malware. RFXN (R-FX NETWORKS) database signatures are typically updated once per day, or more frequently depending on incoming threat data from the LMD checkout feature, IPS malware extraction, and other sources. Malware.Expert also generates … Read more

Buy Signature subscribers

Malware Signatures

ClamAV is an open-source anti-virus engine designed to detect viruses, Trojans, malware and other threats. It supports multiple file formats (documents, executables or archives), uses multi-threaded scanner features and receives updates 3-4 times a day for its signature database. Additionally, we are updating our database, so the user will get improved results. Benefits of using … Read more

Disable Theme and Plugin Editors from WordPress

Security

This is a big problem if a customer uses very weak passwords with default usernames such as admin or administrator. Even if you don’t use a default username, it can be obtained very easily. Get WordPress username: https://wordpress.site/?author=1 This redirects to the author page of the correct username, so the correct username, which is probably the admin user, is easy to obtain. If … Read more

Website backdoors with $variable functions

Tutorial

When a website is compromised, attackers frequently leave behind a backdoor: PHP code in a new file, or PHP code injected into a file that is already on the server. These backdoors are not designed to attack a website or destroy data. Typically they allow an attacker to re-enter a targeted website with little … Read more

PHP File upload vulnerabilities

ModSecurity

Why are PHP file upload vulnerabilities a major security problem? Many websites use some kind of Content Management System (CMS), such as WordPress or Joomla, that offers the ability to upload content such as text, images and so on. There is nothing wrong with this, but there are also a lot of … Read more

WordPress Hidden Include

Malware details

Today we found undetected malware that keeps itself hidden and tries to load again if it is deleted. We generated signatures to detect these hidden includes:
/index.php: {HEX}Malware.Expert.wordpress.hidden.include.0.UNOFFICIAL FOUND
/wp-load.php: {HEX}Malware.Expert.wordpress.hidden.include.1.UNOFFICIAL FOUND
/wp-includes/template.php: {HEX}Malware.Expert.malware.url.7od.info.0.UNOFFICIAL FOUND
/wp-includes/Requests/IPconfig.ini: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND
/wp-includes/js/utilities.js: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND
WordPress index.php wp-load.php End of file: template.php IPconfig.ini Remove file utilities.js Remove file Final Words Use … Read more

xo.php

Malware details

This malware tries to write further malware to the server, using an old cherry-plugin import/export file upload vulnerability. Here is the source code of the malware: Source of xo.php Details $uri is the infected server address. $url is the base64-encoded remote server address, from which it tries to download more malware and open the server to remote access: http://fastwealthformula.online/callback/shell Remote file Final Words Use Malware … Read more

Decode.Tools – Decode PHP Obfuscator by FOPO

Decode.tools

Decode.tools is a website that provides free online decoding tools that can help you identify malicious PHP code hiding behind obfuscated code (e.g. FOPO). Tools at decode.tools can decode almost any tough PHP code or program into a simple and understandable form that can be easily analyzed to see whether it is malicious or not. … Read more

What is a web shell?

Web Shell

A web shell or backdoor shell is a script written in the supported language of a target web server to be uploaded to enable remote access and administration of the machine. Shells are able to infect servers that may not necessarily be internet-facing; servers hosting internal resources are also subject to web shell … Read more