{ Dev Farm }

Web & Windows Development

WordPress and multiple malwares

| 0 commenti

Thanks to MailPoet and Revolution Slider my websites run over multiple attaks.

I noticed problems mainly because, when I enter in the plugins’ list, a lot of errors like “Plugin ABC deactivated..” come out.
This because the plugin main file was not starting with its regular comment, but with the malevolent code.

A lot of files (1000+) was starting like this


Others (50+) was starting like this, and other random vars


Tired of this haks I wrote a small .cs colsole for cleaning this files.
Other websites suggest a .sh script but I’m a Windows user and I’d use its tools.

Feel free to use/edit/whatever this code:


using System;
using System.Text;
using System.IO;
using System.Text.RegularExpressions;

namespace ConsoleApplicationCleanWordpress
{
    class Program
    {

        static Regex re = new Regex(@"^<\?php\sif\(\!isset\(\$GLOBALS\[" + "\"" + @"\\x61\\156\\x75\\156\\x61" + "\"" + @"\]\)\)\s.*\s\?>");

        //static Regex re = new Regex(@"^<\?php.*(\#\-\!OVMM\*\<%x22%51%x29%51%x29%73"", NULL\);).*\s\?>");

        static int count = 0;

        static void Main(string[] args)
        {
            cleanFolder(@"C:\Users\max\Desktop\public_html");

            Console.WriteLine(count + " infecetd files.");
            Console.WriteLine("THE END!");
            Console.ReadLine();

        }

        private static void cleanFolder(string folder)
        {
            var di = new DirectoryInfo(folder);

            foreach (var subfolder in di.GetDirectories())
                cleanFolder(subfolder.FullName);

            /*
            foreach (var file in di.GetFiles())
            {
                if (file.FullName.ToLower().EndsWith(".php"))
                    cleanFile(file);
                else
                    file.Delete(); // don't need to upload it anymore (css, js, big files, etc)
            }
            */

            foreach (var file in di.GetFiles("*.php"))
                cleanFile(file);

        }

        private static void cleanFile(FileInfo file)
        {
            var content = File.ReadAllText(file.FullName);
            if (re.IsMatch(content))
            {
                var orig = file.FullName;
                Console.WriteLine(++count + " Infected: " + orig);
                file.MoveTo(orig + ".bk");
                File.WriteAllText(orig, re.Replace(content, ""));
            }
        }
    }
}


Other resources:

Lascia un commento

I campi obbligatori sono contrassegnati con *.