Malware in DB – how to identify

  • After cleaning my site entirely and changing db-user and its password to 50 random chars, as well as the ONLY account, admin, to another 50 random chars, deleting the entire old installation and all plugins and the theme as well, and of course new salt-code and then reinstalling everything fresh AND adding very, very strict .htaccess-files in ALL folders and root – the fu***ng malwarecode again appeared in my root htaccess and in the themes header code. This must mean that something must be stored somewhere in my DB, of course encoded, but how on earth am I supposed to find this shit and kill it once for all??
    I am willing to crawl into every single row in order to get rid of this pest, but I really do not kinow what I am looking after.
    Any ideas?

Viewing 2 replies - 16 through 17 (of 17 total)

  • Right now, we think this is part of your hack rather than anything added by WordPress itself. That said, it’s not possible to rule this being added by a poorly-designed plugin. Or even a theme (I’ve seen some themes that require FTP access).

    Thread Starter ThorHammer

    (@thorhammer)

    And I have just emptied and dropped this row. Everything works as it should.
    It will be very interesting to see if this has any effect, among all the other things I have done, to prevent further malicious code injections.

Viewing 2 replies - 16 through 17 (of 17 total)
  • The topic ‘Malware in DB – how to identify’ is closed to new replies.