WordPress.org

Ready to get started?Download WordPress

Forums

netsol hack patch (2 posts)

  1. NSSwp
    Member
    Posted 4 years ago #

    Hello everyone,

    If your site was attacked by the 'netsol' iframe hack, we just wrote a script that may help you. This may not be a definitive answer to the hack, as we haven't gone through the entire file and database structure to see what fully has been affected, but it is known that the "siteurl" record in wp_options table is updated with the iframe leading to the hacker's URL.

    This script checks every time the site is accessed if the "siteurl" record has been changed from it's original state. If it is changed, it will re-update the record back to the original URL and load the site seamlessly.

    Here is the URL for the "sitecheck.php" script, the instructions are in the file. If you need help, please let us know. Hope this helps some of you.

    file can be downloaded at.....

    *removed by mod*

    Make sure you rename the file from "sitecheck.php1" to "sitecheck.php". This is done so the browser doesn't try to load the page.

  2. Mark / t31os
    Moderator
    Posted 4 years ago #

    That's a pointless process for what would be just as easy(easier in fact imo) to do via phpmyadmin.

    Nice try for the google juice though.

    This script checks every time the site is accessed if the "siteurl" record has been changed from it's original state. If it is changed, it will re-update the record back to the original URL and load the site seamlessly.

    Yes, but it's an additional potential layer of data exposure, you're including the WordPress configuration data into your custom script, then not surpressing errors on the include, which can expose file paths / dir structure.

    And you're recommending users add this as an include to their wp-settings.php file? What!.. again no surpression on the include, failed inclusion would produce an error exposing the file path.

    Sorry but i fail to see how this does anything but add another area open to exploitation, and you'll have to forgive me for this comment but, your website slogan "We develop secure websites"... Really? So why is your PHP so inconsistent in the way it's written, nothing about your script seems professional to me.

    Although you havn't strictly broken the forum rules, i am inclined to remove your link, but you're free to appeal against that decision if you choose.

Topic Closed

This topic has been closed to new replies.

About this Topic