Filtering javascript injection

  • Resolved gwdlarry

    (@gwdlarry)


    4 years, 5 months ago

    Hello there,
    one of our sites has been hacked with javascript redirection code injected in the wp_posts.post_content table field. We successfully removed it. However, I’m looking for a solution able to block such attacks (I’m already using a firewall plugin that seems to let this type of attack through at the moment).
    As any executable javascript code is unwanted in a post, my thought is to filter out the sql statement needed for such an attack. I think the statement to filter out would look something like
    "update wp_posts set post_content=xyz<script ...></script>"
    So my question is: would your plugin block such an attack?
    Thank you.
    Best, Larry.

Viewing 1 replies (of 1 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Hi Larry,

    Yes, the <script portion of the string would be blocked immediately. No way that request would get thru with BBQ (free or pro version). To verify, you can install the plugin and try that request yourself. The result: stopped cold.

Viewing 1 replies (of 1 total)
  • The topic ‘Filtering javascript injection’ is closed to new replies.