Need a computer favor please - Page 2 - Defender Source
  #21  
Old December 13th, 2013, 02:27 PM
chris snell
Chris Snell
87 Ex-MOD 110
Member
 
Join Date: Aug 2005
Location: Kansas
Posts: 2,439
Quote:
Originally Posted by cellulararrest View Post
Yeah you've got code injected into your WordPress template.

Let me know if you need help finding/removing it. I deal with this crap all the time. It's an easy fix.

This one is likely sitting in your header.php. Check for a line looking something like this: eval(base64_decode( and pull it out.

I'm hesitant to recommend simply removing the injected code because it's possible that the site was compromised more substantially than this. For someone to inject code into his template, they would have to be able to execute code locally on his server. If this can happen, you can get compromised in far more evil ways. Conceivably, if resources (JS, PHP, etc.) are shared between the main site and the e-commerce site, someone could be stealing data off the payment form. I doubt that this has happened because David's using a third party to handle the checkout/payment processing but I haven't dug deeply enough to say for sure.

E-commerce is a bitch to do correctly.
__________________
1987 Ex-MOD 110 Tithonus LHD
2013 LR4


  #22  
Old December 13th, 2013, 02:30 PM
cellulararrest
Chris Snyder
1994 D90 #614 | '07 L322 SC
Member
 
Join Date: Feb 2006
Location: Newburyport, MA
Posts: 1,544
Technically you're right, but it's pretty easy to determine where code injection happened just by looking at the modified date. It also appears that he has two separate installations for the frontend site and his store. I keep installations in Git, making it easy to determine what happened, but I suspect this installation is not.

99% of WordPress attacks are automated and target templates in order to build linkbacks. Which is exactly what this one does.

It's pretty simple to secure a WordPress installation with a few steps (or at least immune against easy automated attacks), but an out of date WordPress installation is a pretty easy target.
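Added example, not part of any post in this thread: a read-only scan that combines the two checks discussed above, the `eval(base64_decode(` pattern in template files and the files' modified dates. The theme path and file contents are constructed sample data.

```python
import os
import re
import tempfile
import time

# PHP function names are case-insensitive and whitespace is allowed before "(".
PATTERN = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def php_files(root):
    """Yield (path, mtime) for every PHP-like file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PHP_EXTENSIONS):
                path = os.path.join(dirpath, name)
                yield path, os.path.getmtime(path)

def scan_tree(root):
    """Return [(path, line_no, mtime)] for suspicious lines, newest file first."""
    hits = []
    for path, mtime in php_files(root):
        with open(path, "rb") as fh:
            for line_no, line in enumerate(fh, start=1):
                if PATTERN.search(line):
                    hits.append((path, line_no, mtime))
    return sorted(hits, key=lambda h: h[2], reverse=True)

def modified_within(root, days, now=None):
    """Return PHP files whose mtime falls inside the last `days` days."""
    cutoff = (now or time.time()) - days * 86400
    return sorted(p for p, m in php_files(root) if m >= cutoff)

def build_sample_theme(root):
    """Constructed sample: an old clean template and a freshly injected one."""
    theme = os.path.join(root, "wp-content", "themes", "example-theme")
    os.makedirs(theme)
    clean, infected = (os.path.join(theme, n) for n in ("footer.php", "header.php"))
    with open(clean, "w") as fh:
        fh.write("<?php wp_footer(); ?>\n")
    with open(infected, "w") as fh:
        fh.write("<!DOCTYPE html>\n<?php EVAL ( base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n")
    old = time.time() - 90 * 86400  # clean file last touched ~90 days ago
    os.utime(clean, (old, old))
    return clean, infected

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        for path, line_no, mtime in scan_tree(tmp):
            print(f"{time.ctime(mtime)}  {path}:{line_no}")
```

Anyone able to write a file can also reset its modification time, so an old mtime does not show that a file is untouched; comparing against a known-good copy (version control or a fresh download of the same release) is the stronger check.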
  #23  
Old December 13th, 2013, 03:00 PM
cellulararrest
Chris Snyder
1994 D90 #614 | '07 L322 SC
Member
 
Join Date: Feb 2006
Location: Newburyport, MA
Posts: 1,544
Chris, here's the thing cleaned up a bit showing what that JS is doing.

https://gist.github.com/KB1RMA/79503...-output-htm-L9

Basically all it does is place an element outside of the viewport so it's hidden. The JS isn't malicious, really just obfuscated.
  #24  
Old December 13th, 2013, 03:02 PM
down_shift
Russell
94' D90 ST & 06' LR3
Member
 
Join Date: Sep 2011
Location: Leesburg, VA
Posts: 4,118
David, nice website. That represents a lot of work. No viewing issues using IE11.
Not that you are asking for suggestions, but after a user selects "LR Defender" from the "By Brand" drop down tab, the Product Categories column on the left side remains populated with LC and other items. Would think this should only display a subset of your inventory that is related to Defenders.
  #25  
Old December 13th, 2013, 03:06 PM
chris snell
Chris Snell
87 Ex-MOD 110
Member
 
Join Date: Aug 2005
Location: Kansas
Posts: 2,439
Quote:
Originally Posted by cellulararrest View Post
Chris, here's the thing cleaned up a bit showing what that JS is doing.

https://gist.github.com/KB1RMA/79503...-output-htm-L9

Basically all it does is place an element outside of the viewport so it's hidden. The JS isn't malicious, really just obfuscated.

LOL, it's not often you get to talk about git on D90.
__________________
1987 Ex-MOD 110 Tithonus LHD
2013 LR4


  #26  
Old December 17th, 2013, 01:31 PM
atlcruiser
david
many
Member
 
Join Date: Oct 2011
Location: atlanta
Posts: 848
Got it fixed!


Thanks to all. We had to look pretty deep to find it but we were hacked...now unhooked
__________________
Terrence Anderson
Shipping Manager

URBAN LAND CRUISERS LLC


+44 404 915 1281
Atlanta, GA USA




URBAN LAND CRUISERS + ROVERS LTD
1st Floor, 2, Woodberry Grove
London
N12 0DR
UNITED KINGDOM
+44 020 8133 1557

Company Registration No. 09003009

Our new Vehicle Sales site:

All times are GMT -5.

