Anti-Hacking Checksums

  • I would dearly love to see functionality that would help identify malware.

    I am getting hacked on a regular basis. functions.php was hit with an encoded function that called javascript, that referenced films4u.us; the latest hack involved – somehow – wp_footer() and references freemacware.com

    I haven’t been able to determine whether the vulnerability comes from my host, my administrative password, or a wordpress software exploit.

    I also haven’t been able to track down the wp_footer() vulnerability. I can’t even find the damn wp_footer() function! All I know is that the spam insertion occurred after <div id=”_wp_footer”> on the blog’s index page and that deleting the call to wp_footer() in footer.php has cleared up this particular problem this particular time.

    It would be very useful if a function was added to the admin functionality, and a table added to the database, that would run, store and compare checksums of all the software files. Then I’d be able to nail the infection site by looking for checksum changes.

    Is there any hope for this? I’ve just spent two hours – mostly just looking for where the damn wp_footer() function is defined! – patching over this insertion.

Viewing 3 replies - 1 through 3 (of 3 total)

  • I am getting hacked on a regular basis.

    And chances are you will again.

    “WordPress version: 2.3.3”

    You can checksum any of your files at any time and store the hashes locally for increased security, using any number of available freeware tools (if you like a GUI to work with). Or just use a file comparison tool to check suspected files against the known good backup. Keeping your installation updated will also assist in removing any known vulnerabilities. I believe the WordPress version you are using has some of those vulnerabilities.

    You should also review your plugins for known issues and address them accordingly. Incorrect file and or folder permissions are also a factor. Shared hosting can also, at times, offer a higher risk if someone else on the server has been compromised.

    All in all, I think your idea sounds good, and I’m not trying to minimize it, but taking care of the other things seems to make automatically check- summing files sound like a luxury rather than a necessity. Cool idea, though.

    It would be very useful if a function was added to the admin functionality, and a table added to the database, that would run, store and compare checksums of all the software files. Then I’d be able to nail the infection site by looking for checksum changes.

    install aide; set up properly, you wouldn’t even need root access.

    I use it on my own server, obviously watching much more than just web accessible files, and recommend it highly.

    Honestly though, the simpler solution, is what ClaytonJames suggested.

    Aide, tripwire, mdsum, etc.. are great, as long as you dont rely on them to prevent hacks. Thats where you come in. ??

    Thread Starter jihymas

    (@jihymas)

    “WordPress version: 2.3.3”

    I know, I know. At least, I know now. Until today, I hadn’t realized that my 5-month old installation was so vulnerable. I’ll be updating soon, believe me.

    I’ll have a look around for some utilities that will resolve the issue – unfortunately, I can’t use aide, as suggested by whooami because my host runs Windows. I’m in the (very slow) process of changing hosts, though, so maybe I’ll just wait until then.

    I don’t use any plug-ins. I will admit, I am averse to any sort of widgetry on my machines – unless it’s widgetry I’ve built myself – because

    • It’s just another thing to learn, understand and check
    • They introduce vulnerabilities of their own
    • I spent too much time in the eighties and nineties, trying to figure out why installation of one programme broke another
    • I loathe fiddling. I know people who take days fiddling around with their MS-Word settings and can’t use it unless it’s personalized to hell-and-gone … the idea just drives me crazy

    All of which are at best generalities and at worst cover-stories for laziness, but it would really be appreciated if the fine folks at WordPress could port some freeware into one of their upcoming versions and make it fully integrated.

    I was able to resolve my problem – I think. I wrote a post about it.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Anti-Hacking Checksums’ is closed to new replies.