Support » Plugin: Anti-Malware Security and Brute-Force Firewall » where to find DB injection?

  • Resolved ehrichweiss

    (@ehrichweiss)


    Hi,

    I’m trying to analyze how this malware got into my system and where it’s located but I’m having trouble finding the DB injection. Is there a log to show where it’s actually located and how it’s hidden?

    The output from the plugin in the admin console is…

    2 JBEBP(“<script*.php?zone*</script>”) in mydb_options:ad_code”:15008.1

    but I can’t find any of the script or the “ad_code” option…

    I’ll need to know this to figure out what I can do next because this is the second time I’ve been stung by this “monit.php” malware…

Viewing 2 replies - 1 through 2 (of 2 total)
  • ehrichweiss

    (@ehrichweiss)

    Never mind. Apparently it was already removed as I just found the injection in another database so I can identify it now.

    Plugin Author Eli

    (@scheeeli)

    There is a hidden plugin (usually in a file called monit.php) that creates these entries in your database. I have added this new threat to my definition update so the source of this threat can now be automatically removed using my plugin. Please download the latest definition updates and run the complete scan to remove this threat 😉

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.