where to find DB injection?

  • Resolved ehrichweiss

    (@ehrichweiss)


    4 years, 10 months ago

    Hi,

    I’m trying to analyze how this malware got into my system and where it’s located but I’m having trouble finding the DB injection. Is there a log to show where it’s actually located and how it’s hidden?

    The output from the plugin in the admin console is…

    2 JBEBP(“<script*.php?zone*</script>”) in mydb_options:ad_code”:15008.1

    but I can’t find any of the script or the “ad_code” option…

    I’ll need to know this to figure out what I can do next because this is the second time I’ve been stung by this “monit.php” malware…

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter ehrichweiss

    (@ehrichweiss)

    Never mind. Apparently it was already removed as I just found the injection in another database so I can identify it now.

    • This reply was modified 4 years, 10 months ago by ehrichweiss.
    Plugin Author Eli

    (@scheeeli)

    There is a hidden plugin (usually in a file called monit.php) that creates these entries in your database. I have added this new threat to my definition update so the source of this threat can now be automatically removed using my plugin. Please download the latest definition updates and run the complete scan to remove this threat ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘where to find DB injection?’ is closed to new replies.