08 December 2009

WordPress Exploit Scanner – Check your blog for malware!

The WordPress Exploit Scanner is a free plugin that scans your blog installation to see if any nasty malware code has been inserted into your site by hackers. It hunts for unauthorized code in the database and WP files on your server (it’s designed for self-hosted WordPress, not WordPress.com) and sends back a report on anything suspicious it finds.

When a website is compromised, hackers leave behind scripts and modified content that can be found by manually searching through all the files on a site. Some of the methods used to hide their code or spam links are obvious, like using CSS to hide text, and we can search for those strings.

The database can also be used to hide content or be used to run code. Spam links are sometimes added to blog posts and comments. They’re hidden by CSS so visitors don’t see them, but search engines do. Recently, hackers took advantage of the WP plugin system to run their own malicious code. They uploaded files with the extensions of image files and added them to the list of active plugins. So, despite the fact that the file didn’t have a .php file extension, the code in them was still able to run!

You can find the Scanner admin page linked off the Dashboard. This is the screen you’ll see.

Image and video hosting by TinyPic

You can search in numerous ways:

1. Files and database.
2. Files only.
3. Database only
4. Search files by custom keyword.

The custom keyword form allows you to search your files for whatever you like. Be careful with that one because a search for a common keyword like “php” will takes ages and generate an extremely long list of files.

Warning! Searching through the files on your site will take some time. Even a clean WordPress install with no plugins will probably take a noticeable length of time. It’s also heavy on your server. Only run the file check when your server is idling and not busy.

More information and direct downloading link at the developers website: http://ocaoimh.ie/exploit-scanner/

No comments:

Post a Comment

LinkWithin

Related Posts Plugin for WordPress, Blogger...