SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Trying phpmyadmin to remove rogue WordPress injections

    A co-worker's WP installation is flagged "Infected!"

    Two dozen earlier .sql backups are similarly infected so meanwhile I found a clean 2009 backup and put that on the server.

    I looked around the latest raw .sql file and found obvious rogues, then I used phpmyadmin on my desktop to delete the rogues, and re-installed the database to the server.

    The database is compromised by 200 or so nonsense URLs that are easily identifiable by derivatives of author "jonn" and by IDs in the sql file, for example a small extract is shown (1) below.

    In phpmyadmin, I deleted entries "askimet as submitted" and "askimet result" in the 1.5Mb .sql file - screenshot (2)

    It did not resolve it and the project is still flagged "Infected!" by my Avast AV program.

    Please ... will you add to my learning-curve by suggesting what I am not doing?

    As an afterthought I looked at the root index.php and found this (3)

    I loaded a clean index.php to the temporary installation.

    ** In anticipation, thank you. If I have missed a help/faq entry already on these forum pages, it is not for lack of looking pretty hard.

    Richard

    1) rogue

    2) rogue 2

    3) rogue 3

    /end

  2. #2
    SitePoint Zealot ChrisWiegman's Avatar
    Join Date
    Sep 2010
    Location
    Austin, Texas, United States
    Posts
    177
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One suggestion I might make would be to reinstall Wordpress with a clean file base the secure it with something like Better WP Security. Then, copy over just the content of the posts and comments tables to transfer the old data. Don't worry about options, users, etc as they can be rebuilt relatively easily.

  3. #3
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ChrisWiegman View Post
    One suggestion I might make ...
    Thank you, Chris.

    I will do what you say and report back during the week

    Richard

  4. #4
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Schroder View Post
    I will do what you say and report back during the week
    Thank you, Chris.

    This morning it took twenty minutes and the project is fully restored.

    I would add the URL but am cautious alerting the rogue "jonn" in this public domain.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •