WordPress Malware Removal Course Details.txt
=====================================================================
WordPress Malware Removal & Hacked Website Recovery Course Details=>
=====================================================================
========
Video-1. Scan The Affected WordPress Website Online=>
========
i) Security Check & Malware Scanner => https://sitecheck.sucuri.net
ii) Blacklist website => https://mxtoolbox.com/blacklists.aspx
iii) Google transparency report => https://transparencyreport.google.com/safe-browsing/search?url=https://sitename.com
========
Video-2. Take WordPress Files & Database Backup Before Cleaning Malware=>
========
i) Manual Backup
ii) All in one wp migration plugin Backup
========
Video-3. A Brief Identification Of Malware/ Malicious Code/ Viruses=>
========
**In our file manager, PHP files in different directories may contain these code patterns:
i) eval()
Example: eval(base64_decode("aHR0cHM6Ly9tYWx3YXJILmV4cGVydA=="));
ii) <?php ${
Example: <?php
$00o_00_OO
?>
iii) base64_decode
Example: localObject2 = Base64.decode((anyThingCanBeHere));
iv) wp_nonce. (it is used to push remote user id and password – CSRF Attack)
Example: "ajax_nonce":"anyThingCanBeHere";
v) gzdecode_render
vi) lzw_decompress
vii) file_upload (backdoor)
viii) str_replace
ix) strrev
x) <?php $ca2a = @$GLOBALS[$GLOBALS['k94124e4'][48]
xi) <?php $Icc1ll1l1c='772'; $I1lcl1cl1c=urldecode. - website redirect
xii) <?php isset(${"\x5f\x47\x45\x54"}["\x75\x72\x6c\x65\x72\x72"]. - website redirect/ backdoor
xiii) <?php if(isset(COOKIE("id")))@$_COOKIE["user"]($_COOKIE["id"]); It creates remote users/backdoor
xiv) if (!defined("FFCBCD")){define("FFCBCD", __FILE__);global $<81>,$<99><93>
**Here we also saw how to configure the "Wordfence" plugin and scan for viruses with it.
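A triage scan for several of the indicators listed above, as an added example that is not part of the course material. The regular expressions, indicator names, and sample files are assumptions constructed for illustration, and a hit only means the file deserves a manual look.

```python
import re
import tempfile
from pathlib import Path

# Patterns derived from the indicator list above. A hit is a reason to open
# the file, not proof of infection: clean plugins also call base64_decode().
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzdecode|strrev|urldecode)\s*\(", re.I),
    "nested-GLOBALS-lookup": re.compile(rb"\$GLOBALS\s*\[\s*\$GLOBALS\s*\["),
    "hex-escaped-variable-name": re.compile(rb"\$\{\s*[\"'](?:\\x[0-9a-f]{2}){4,}", re.I),
    "cookie-value-called-as-function": re.compile(rb"\$_COOKIE\s*\[[^\]]+\]\s*\(\s*\$_COOKIE"),
    "ndsw-javascript-injection": re.compile(rb";if\(ndsw=="),
}
SCANNED_SUFFIXES = {".php", ".phtml", ".js", ".suspected"}

def scan_tree(root):
    """Return {relative path: [indicator names]} for every scanned file with a hit."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED_SUFFIXES:
            data = path.read_bytes()
            hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo():
    """Scan a constructed sample tree (made-up files, not real site data)."""
    samples = {
        "wp-includes/media.php": b'<?php $raw = base64_decode($_POST["img"]); ?>',
        "wp-includes/user.php": b"<?php /* core */ ?>\n;if(ndsw===undefined){}",
        "wp-content/plugins/demo/loader.php":
            b'<?php eval(base64_decode("aHR0cHM6Ly9tYWx3YXJILmV4cGVydA==")); ?>',
        "wp-content/themes/demo/footer.php":
            b'<?php if(isset($_COOKIE["id"]))@$_COOKIE["user"]($_COOKIE["id"]); ?>',
        "wp-content/themes/demo/header.php":
            b'<?php isset(${"\\x5f\\x47\\x45\\x54"}["\\x75\\x72\\x6c"]); ?>',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

The bare `base64_decode` call in the constructed `media.php` is deliberately not flagged, which keeps ordinary plugin code out of the report.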
========
Video-4. Cleaning The WordPress Core Files, Free & Paid Plugins & Themes=>
========
**Dashboard Cleaning Process:
i) re-install the WP core files
ii) update all outdated plugins
**cPanel Cleaning Process:
i) except for these 3 items (wp-content, .htaccess, wp-config.php),
delete all files & folders
ii) download the WP core files and upload them to our cPanel
iii) check these files: .htaccess, wp-config.php
iv) except for "plugins, themes, uploads, index.php", delete the other files
v) our uploads folder should not contain any PHP files
vi) delete all previous plugins and reinstall them fresh
vii) except for the active theme, delete all previous themes and reinstall them fresh
viii) replace the active theme's style.css with the style.css from the new copy of the active theme
ix) now check the previous active theme's functions.php file;
if it has any custom code, copy & paste it into
the new active theme's functions.php file
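A check to run before deleting anything in the cPanel process above, as an added example that is not part of the course material: it compares wp-admin and wp-includes against a freshly downloaded core of the same version and lists PHP files under uploads. The function names, report keys, and sample trees (including `wp-tmp.php` and `cache.php`) are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")
PHP_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".suspected"}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(site_root, clean_root):
    """Compare a live site with a freshly downloaded core of the same version."""
    site, clean = Path(site_root), Path(clean_root)
    report = {"modified_core": [], "unknown_in_core": [], "php_in_uploads": []}
    for core_dir in CORE_DIRS:
        for path in sorted((site / core_dir).rglob("*")):
            if not path.is_file():
                continue
            rel = path.relative_to(site)
            if not (clean / rel).is_file():
                report["unknown_in_core"].append(rel.as_posix())  # not shipped with core
            elif digest(path) != digest(clean / rel):
                report["modified_core"].append(rel.as_posix())    # content differs
    for path in sorted((site / "wp-content" / "uploads").rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            report["php_in_uploads"].append(path.relative_to(site).as_posix())
    return report

def _write(root, rel, data):
    target = Path(root) / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)

def demo():
    """Audit two constructed trees (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as clean:
        for root in (site, clean):
            _write(root, "wp-includes/user.php", b"<?php // core user API\n")
            _write(root, "wp-admin/index.php", b"<?php // dashboard\n")
        _write(site, "wp-includes/user.php", b"<?php // core user API\n;if(ndsw==")
        _write(site, "wp-includes/wp-tmp.php", b"<?php // constructed extra file\n")
        _write(site, "wp-content/uploads/2024/01/logo.png", b"\x89PNG")
        _write(site, "wp-content/uploads/2024/01/cache.php", b"<?php\n")
        return audit(site, clean)

if __name__ == "__main__":
    print(demo())
```

Keeping this report with the backup records which files were tampered with, which helps later when looking for how the site was compromised.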
========
Video-5. Backdoor & Shell Attacks & Cleaning The Backdoor & Shell Codes=>
========
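**Here we see how a backdoor works and how a web shell actually works.
Minhaz Asif Brother says that we should protect our site manually.
Note: the access rules below use the Apache 2.2 "Order/Allow/Deny" syntax; on Apache 2.4 they work only when mod_access_compat is loaded.
i) To protect our default .htaccess file, add this code=>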
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Protect .HTACCESS
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
ii) To protect our wp-config.php file, add this code=>
# WP-CONFIG BLOCK
<Files wp-config.php>
order allow,deny
deny from all
</Files>
iii) To block directory indexing, create a .htaccess file in the wp-content/uploads and wp-content/plugins directories=>
# directory browsing block
# (Apache 2.4 rejects mixing signed and unsigned options such as "All -Indexes")
Options -Indexes
iv) To disable the xmlrpc.php file, add this code=>
# Disable XMLRPC.PHP
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
v) To block scanners that probe your website for vulnerabilities, add this code=>
# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans
vi) To block suspicious IPs, add this code=>
# IP block
Order Allow,Deny
Allow from all
Deny from 1.186.48.58 65.30.114.186 69.143.222.95
vii) For individual file protection, add this code=>
# Protect the .htaccess
<files .htaccess>
order allow,deny
deny from all
</files>
ix) To protect our wp-content directory, create a .htaccess file in it and add this code=>
# wp-content access deny
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
x) To block access in the uploads directory, add this code=>
# uploads directory access deny
<Files *.php>
deny from all
</Files>
# Block executables
<FilesMatch "\.(php|phtml|php3|php4|php5|pl|py|jsp|asp|html|htm|shtml|sh|cgi|suspected)$">
deny from all
</FilesMatch>
========
Video-6. Scanning The Website With A Free Plugin & Install Firewall & Login Security=>
========
Here we see how the Wordfence plugin can scan for malware and remove it.
i) first install the Wordfence plugin and scan the website.
ii) then click the "Delete All Deletable Files" button.
iii) now go to Wordfence Firewall option>Advanced Firewall Options>
select Brute Force Protection and fill out the fields: 3, 5, 30 minutes, 1 month
check the "immediately lock out" usernames option: admin, administrator, etc.
We also see how to hide or change our login page:
i) install the plugin "WPS Hide Login".
ii) change our login URL in the WPS Hide Login dashboard.
========
Video-7. Cleaning PHP, Javascript, Malware Manually & Protect Website Using .htaccess=>
========
After scanning our website with Wordfence, we can see:
Filename: /home/public_html/wp-includes/user.php
File Type: Core
Details: here we will see some red-colored text
Now we go to our user.php file and search for the red-colored text.
JS virus or malware code starts with ";if(ndsw=="
========
Video-8. Seo Spam, Japanese & Pharma Spam, Google Blacklist/Deceptive Site Ahead Solve=>
========
Here we see how to recover our SEO-spammed website with Google Search Console.
========
Video-9. Website Blacklist/ IP Blacklist/ Antivirus Blacklist Check & Solve=>
========
Here we see how to check whether our IP is blacklisted or not.
Some blacklist-checking websites are given below:
https://mxtoolbox.com/blacklists.aspx
https://sitelookup.mcafee.com/
https://sitecheck.sucuri.net/
https://check.spamhaus.org/
https://multirbl.valli.org/
https://whatismyipaddress.com/blacklist-check
========
Video-10. Hacked Website Recovery & WordPress Security Confirmation=>
========
Here we see how to back up a WordPress site and restore it with the "All in one wp migration" plugin.
This is my Certification Details=>
Certificate link: https://udemy-certificate.s3.amazonaws.com/pdf/UC-6184e4e3-aecd-41f9-b3a4-e1fdaa6fe354.pdf
Certificate Credential ID: UC-6184e4e3-aecd-41f9-b3a4-e1fdaa6fe354
Comments: In my point of view, this is an awesome course.