Important : can a backdoor hide itself in the DATABASE ? (5 posts)

  1. Sabinou
    Member
    Posted 7 months ago #

    Hello,

    I'm having a nasty backdoor hidden somewhere on my hosting account, allowing access to all the files of my hosting account, including (but not only) my wordpress blog.
    I never found what it is, how it is working (neither FTP nor SSH).

    And here, I'm about to move, soon, to a new web host.

    Hoping to get rid of the backdoor, I will reinstall EVERYTHING from scratch, from pure trustworthy official stable releases, and only import the databases.

    At this point, however, my paranoia runs wild again, and I wonder if this is secure enough.

    Please, even if my question may sound idiotic, I REALLY need a confirmation :
    Can an "exploitable to take control from the outside" code hide itself in a database ?

    Is there some way a malicious Person/Script can make use of an evil code previously stored in the database ?

    I know backdoors may wish to hide themselves partly in the database (for instance an encoded base64 encoding sequence, and the malicious hacker would only write in clear an innocent-looking call for a database table - yes, I've read ottopress.com/2009/hacked-wordpress-backdoors/ , haha).
    But I don't know if, on a 100% clean site, a database with malware traces is, or is not, an open exploitable security hole.

    Thank you VERY MUCH if you can tell me, this is very important !

    I dare not move to my new web host while that question is not answered :-/

  2. esmi
    Theme Diva & Forum Moderator
    Posted 7 months ago #

  3. Sabinou
    Member
    Posted 7 months ago #

    Esmi, thank you for the half-automated reply, there was one of these pages that I didn't know yet ;)

    However, I don't want to look ungrateful, but this is another kind of information that I am after.

    I do NOT know if a database can be used to contain and provide an "exploit me please" security hole.

    Even if a hacker managed to
    - hide an iframe inside the posts
    - store a string that can be loaded locally by a malicious php/js/html file present on the hosting account, this way the malicious php/js/html file doesn't look as malicious as that
    ... That won't make it an exploitable security hole.

    But even if I know that, that doesn't mean I know everything on that topic (far from it).

    I still do NOT know if a database can't be used as an actual usable backdoor, in a manner or another.

    Do you see what I mean ?

    I apologize if I don't find the proper terms, this is not my field of expertise, I hope you finally see what I mean, what I wonder ?

  4. esmi
    Theme Diva & Forum Moderator
    Posted 7 months ago #

    If the hacker has managed to inject something into your site's content (perhaps masquerading as an image file), your theme, one of your plugins, then - in theory, yes, a backdoor can hide itself in the database. Either directly or indirectly.

    The reason I posted those links is that the instructions they give all take this into account.

  5. Sabinou
    Member
    Posted 7 months ago #

    I apologize, I'm still not sure I understand you, Esmi, I read all of these pages and didn't find them really relevant to what I'm wondering.

    That may be because I don't find the proper words to tell what I'm wondering.

    I can give a practical example.

    - Let's say I move to my new host, and at that new host, I start everything afresh, reinstalling cleanly my template, the plugins, and wordpress, from the official sources.
    - Nothing comes from the previous hosting account, save two exceptions :
        - the files with a picture extension, and I'll batch-recompress them so that any non-image will break the conversion, so I'll know
        - the database, I cannot avoid reimporting it

    In that case, can that database with "something" inside be used by a complete stranger, to take control and do unwanted things on my blog ?

    (Once again, I apologize if there's something obvious that I'm failing to notice -_-)
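
Added example, not part of any post in this thread: a pre-import check that scans a SQL dump for the two artefacts named above, an iframe stored in content and a base64 string that decodes to code. It checks only those two artefacts; the dump rows, table layout and marker list are constructed assumptions for illustration.

```python
import base64
import re

IFRAME = re.compile(r"<iframe\b", re.IGNORECASE)
# Well-formed base64 run of at least 40 characters, with optional padding.
B64_RUN = re.compile(
    r"(?:[A-Za-z0-9+/]{4}){10,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
# Assumed marker list: substrings that suggest a decoded value is code.
CODE_MARKERS = ("<?php", "eval(", "<script", "<iframe")


def scan_dump(text):
    """Return (line_number, reason) for each suspicious line of a SQL dump."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if IFRAME.search(line):
            findings.append((number, "iframe in stored content"))
        for match in B64_RUN.finditer(line):
            try:
                decoded = base64.b64decode(match.group(), validate=True)
            except ValueError:
                continue
            # Hashes and random tokens also match the pattern; only values
            # that decode to something code-like are reported.
            plain = decoded.decode("latin-1").lower()
            if any(marker in plain for marker in CODE_MARKERS):
                findings.append((number, "base64 string that decodes to code"))
                break
    return findings


# Constructed sample rows shaped like a mysqldump export (simplified columns).
_BLOB = base64.b64encode(
    b"<?php /* constructed, harmless */ echo 1; ?>").decode()
SAMPLE_DUMP = "\n".join([
    "INSERT INTO `wp_posts` VALUES (1,'Hello','<p>Welcome to my blog.</p>');",
    "INSERT INTO `wp_posts` VALUES (2,'Trip','<p>Photos</p>"
    "<iframe src=\"http://example.invalid/\" width=\"0\"></iframe>');",
    "INSERT INTO `wp_options` VALUES (90,'cache_key','" + _BLOB + "');",
    "INSERT INTO `wp_options` VALUES (91,'file_hash','" + "a3f1" * 16 + "');",
])

if __name__ == "__main__":
    for number, reason in scan_dump(SAMPLE_DUMP):
        print(f"line {number}: {reason}")
```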
