Support » Plugins and Hacks » [Plugin: WordPress Exploit Scanner] Exploit Scanner not working

  • I just downloaded the Exploit Scanner Plugin. After starting it I got to a page telling me

    Exploit Scanner
    This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does NOT remove anything, this is left for the user to do.

    And nothing happened afterwards. After one hour there is still nothing telling me, if there are any results, even no sign that there is happening anything at all.

    http://wordpress.org/extend/plugins/exploit-scanner/

Viewing 15 replies - 1 through 15 (of 30 total)
  • Was there any error in your php error log?

    Hello,
    I had the same problem as portenkirchner above and could not find my php error log. I host my own blog and determined that the error log directory parameter in my php.ini was not set correctly. I fixed this and discovered when I ran the Exploit Scanner again that indeed I was getting an out of memory error in my php error log. However, the Exploit Scanner script does not return anything if this error occurs and all I would get is the same result “This script searches through your WordPress install for signs that may”…maybe this can be fixed in a future version to at least tell someone if there was a memory error???

    Here is the exact error from my php error log:
    “[21-Oct-2009 11:40:42] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 51118080 bytes) in /www/xxxxxxx/wp-content/plugins/exploit-scanner/exploit-scanner.php on line 80

    I corrected this by going into my wp-config.php per the README instructions and added the following:
    define( ‘WP_MEMORY_LIMIT’, ‘256M’ );

    After doing this, the error went away but the Exploit Scanner now had a different problem. Now, when I started a scan, the “Please Wait while Loading” animated .gif would display for hours on end. After some painstaking debugging of the Exploit Scanner code, I determined the problem. It seems that the Exploit Scanner does not handle scanning binary files if they are anywhere in the WordPress directory structure. To fix this problem, I simply moved my “files” outside of the WordPress directory structure and voila, the scanner completed properly! Again, this should be fixed in a future version by either telling the user that the scanner does not work with binary files or build in intelligence to skip over these files/scan them in a different way.

    Anyone have a similar problem using this script with binary files?

    Thanks!

    Try the development version. It allows you to set the php memory size and file size limit.

    Hello,
    I had the same problem with “define( ‘WP_MEMORY_LIMIT’, ‘256M’)”:

    Exploit Scanner
    This script searches through your WordPress install for signs that may indicate that your website has been compromised by hackers. It does NOT remove anything, this is left for the user to do.

    Where can I find the development version?

    thanks

    sweet, the dev version finally worked for me! Found one file hidden in my default theme that was dirty…I’d assumed it just got fixed with an update….

    I’m having a problem now getting WordPress Exploit Scanner 0.7 to run. I’m only getting the “Please wait while loading…” message. I ran it earlier on WP 2.8.5, but since experiencing some malicious activity, I’ve since upgraded to 2.8.6 and have also changed the “wp_” prefix for the database.

    Are there possibly some additional modifications that I need to make in the database because I did change the “wp_” prefix, and that might be causing WordPress Exploit Scanner not to run now?

    I’m just guessing, though. Any ideas on getting this plugin to run? I really need to use it!

    Thank you.

    Deb Phillips

    @DebnNCgal

    Same problem here. It was working in a prior incarnation, but 0.7 has never worked for me. Just spins its wheels until I pull the plug.

    I’m running the latest version of Firefox on my Mac.

    @bobnolin , #DebNCgal I’ll look into this in a bit. Was working fine on my Firefox + Mac and IE8. Do you by any chance have FireBug install so you could give some more details on eventual errors.

    Something you might want to try. Could you run the “General Infos” scan alone without the other two and let me know if this works. I just tried the script on a fresh install on a shared hosting with Firefox 3.5.5 on a Mac and it worked like a charm. It would be great if you could pass along as many details as possible so I can figure out what fails.

    Thanks
    Thorsten

    If I uncheck the box for FILE SCAN and check every other box then it works fine. The moment I check FILE SCAN it just sits there and “rotates” like it is working, but I let it work overnight and in the morning it was still going.

    Using Firefox 3.55 on Ubuntu KK

    I just tried checking FILE SCAN and NOTE only and got the following error:

    Fatal error: Out of memory (allocated 167772160) (tried to allocate 334 bytes) in /home/censored/www/wp/wp-content/plugins/exploit-scanner/exploit-scanner.php on line 261

    I moved the PHP MEMORY LIMIT up to 500 and now it is just sitting there rotating again (for the past several minutes now.

    You might have a huge amount of files, or big files. Have you tried adjusting the filesize limit to a lower value?

    tott, yes, I have Firebug installed and would be happy to help, if I can. BTW, I can successfully run the “General Infos” scan by itself. Let me know how I might help in the troubleshooting process. Thanks very much.

    DebNCgal, if you can run General Infos I’m afraid Firebug will not help as you already proved that it’s not a browser issue related to the ajax call or similar.

    Sorry about that, tott. I was hoping to be of some direct help. I hope the fix will not be a daunting task.

Viewing 15 replies - 1 through 15 (of 30 total)
  • The topic ‘[Plugin: WordPress Exploit Scanner] Exploit Scanner not working’ is closed to new replies.