mike_p
Forum Replies Created
-
Hi Kimbert,
As this website had been moved to this server two weeks prior, I went back thru the two weeks of log files (apache) and was able to find access to files that did not seem appropriate. POSTs to PHP files that were buried in application folders (of another php app) and then hits to the WordPress files that I could see were dated *after* the site had been moved over, so these files had newer dates than all of the rest of the website.
I downloaded these files and then, from the command line, searched for any files containing similar strings.
Most of the gold was from the log files though. Once I had a few of the hacked files I was able to see that the user always used the same UA string, and then could search thru the logs and get a better idea of what they were up to…
Hey wfasa,
Great point; also a big hole. A manifest would be nice in the plugins, I suppose then. Something to define those cases and to be able to test against. You also may want to clear up in the scan part that it only scans for differences in the actual code, not files.
There were some bits that were not picked up by WF. When I get things bolted down, I’ll test again and then send things thru.
Thanks for your help!
Hi Wfasa,
Thanks, while there are samples of code that were not detected and I’ll send those in when I get the chance (still sorting out the point of entry here), in this case there were extra files in a plugin. I ran the option to compare with the repository and WF did not detect the difference.
Is that expected behaviour?
Hey @skunkgrunt,
Nice work there figuring out why that dev went silent!
I have yet to make a solution, but plan to develop something that will grow along with the box. The plan is a 3rd party tool with a WP plugin, so that the user’s data (the actual clients of the box) would be portable.
Thanks vernonschmiddy!
I’m probably going to build something out for a friend’s box then. They are starting on a cheap SAAS solution but it only does reservations. As a coach and a programmer I can see where you could get so much more with a decent app!
Hey vernonschmiddy,
Did you purchase this plugin? I wrote to the DEV asking some questions but he didn’t reply…