WordPress.org

Forums

How do I use phpMyAdmin to look for SQL Injection? (5 posts)

  1. aaron1728
    Member
    Posted 7 years ago #

    I maintain hundreds of WP sites. On only one host where I have 5 domains I have been getting my index.php files (they were all 644'd!) changed with spam/malware stuff. This seems to indicate that either I've had code injected before I upgraded to 2.5.1 a few weeks ago or perhaps a bad plugin or theme.

    If I can successfully rule out plugins and themes, I would like to scan and scrub my databases for injected code. What should I be looking for? In which tables?

    My plugins are current. Is there a list somewhere of plugins that are problematic?

    I've deleted all themes except for default, classic and the actual theme I'm using. Is there a list somewhere of themes that are problematic? I have searched header, footer, sidebar files for iframe and javascript stuff but it seems clean. Those files aren't changing when the site is "re-hacked". Only the index.php file.

    The host is using cpanel 11.18.6-RELEASE

    Trying to eliminate all the possible security weaknesses.

    Thanks in advance.

  2. jbiethan
    Member
    Posted 7 years ago #

    We have a WordPress MYSQL database that appears to have
    had a SQL injection. We're attempting to clean the file and have
    a few questions if anyone is up for this challange.

    1) Are there any tools available that can scan a
    backup of a MySQL table exported from phpMyAdmin
    and clean out a SQL Injection?

    2) Are there any tools available that can scan an online MySQL
    database and clean out a SQL Injection?

    3) Are there any tools that can detect any other problems
    in regards to a WordPress installation that has been compromised?

    We're new to this cleanup process and any help at all in
    locating any tools would be greatly appreciated.

  3. JCarlyle
    Member
    Posted 7 years ago #

    Hi

    We have just had our website taken down by our hosting company as they say that

    This site was using large amounts of CPU on the production server, which upon investigation could be replicated by clicking links to any of the news items on the site. The search facility on the site was also using excessive amounts of CPU when used.

    I cannot get access to any of the files online so I'll have to look at the code of the theme offline to disable the search function. But I cannot get access to our MySQL database with phpmyadmin while the site is down.

    Is there a problem with a problem with WordPress ? We are running the latest version and I know that there are a lot of SQL injectioni attacks going on at the moment.

    Any pointers or help would be appreciated.

  4. gazouteast
    Member
    Posted 6 years ago #

    I'd like answers to all of the above if anyone has any ideas.

    It's starting to feel like the hackers have given up on Microsoft and started to focus on WordPress - and that's likely to grow as more ecommerce plugins become available, so I think it's a good time to start addressing stuff like this - perhaps a special "Security Codex"?

    Gaz

  5. whooami
    Member
    Posted 6 years ago #

    I'd like answers to all of the above if anyone has any ideas.

    //me looks for question marks.

    If I can successfully rule out plugins and themes, I would like to scan and scrub my databases for injected code. What should I be looking for? In which tables?

    anything that doesnt belong there. in all of them. taking shortcuts doesnt help.

    Is there a list somewhere of plugins that are problematic?

    depeends on how you define problematic. problematic isnt necessarily insecure, and something being insecure, doesnt mean its on a list anywhere.

    if youre asking if there's a place to look for publically known insecure plugins -- sure, go do a search on milw0rm.com for wordpress

    Im sure that's not all-inclusive, but it's a start.

    ANYONE can write a wordpress plugin, even my dog can, and thats a double edged sword. ANYONE can, and nearly everyone has. That doesnt necessarily mean that the plugins are written well, or that the writer knows how to properly sanitize user input, variables, etc..

    Is there a list somewhere of themes that are problematic?

    No, and the same 'user issues' that exist with plugins exist with themes.

    One thing that Ive seen is that some theme authors are still using php_self in the search code. Thats a no-no, generally speaking. Way way back when, the 2 themes that were included were revamped to no longer use that, and I dont know if there was an internal check put into the core to account for themes that continue to use that.

    this is 'problematic':

    <form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    this is not:

    <form id="searchform" method="get" action="<?php bloginfo('home'); ?>">

    Are there any tools available that can scan a backup of a MySQL table exported from phpMyAdmin and clean out a SQL Injection?

    A good set of eyes is your best and safest bet. It takes longer, but in the end, trusting software is not the solution.

    Are there any tools that can detect any other problems
    in regards to a WordPress installation that has been compromised?

    what 'other problems' ?? I cant answer that, since i dont know what youre asking.

    Is there a problem with a problem with WordPress ?

    huh?

    --

    hows that gaz?

Topic Closed

This topic has been closed to new replies.

About this Topic