The Scarlet Pimp
Supreme Member
- Apr 2, 2008
- 1,266
- 4,231
Below is a short list of plugins that hackers in Europe were searching for on my domain. These plugins probably have known flaws, so you should either update them pronto or remove them. I also included some security app links.
/modules/mod_simplefileuploadv1.3/elements/udd.php
/modules/productpageadverts/uploadimage.php
/modules/simpleslideshow/uploadimage.php
/modules/vtemslideshow/uploadimage.php
/tiny_mce/plugins/tinybrowser/upload_file.php
/uploadify/uploadify.php
/wp-content/plugins/./simple-image-manipulator/controller/download.php
/wp-content/plugins/all-in-one-seo-pack/aioseop_utility.php
/wp-content/plugins/candidate-application-form/downloadpdffile.php
/wp-content/plugins/complete-gallery-manager/frames/upload-images.php
/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js
/wp-content/plugins/dzs-zoomsounds/admin/admin.js
/wp-content/plugins/formcraft/file-upload/server/php/upload.php
/wp-content/plugins/gravityforms/js/gravityforms.js
/wp-content/plugins/i-dump-iphone-to-wordpress-photo-uploader/uploader.php
/wp-content/plugins/jquery-html5-file-upload/jquery-html5-file-upload.php
/wp-content/plugins/landing-pages/tests/phantomjs/server.php
/wp-content/plugins/recent-backups/download-file.php
/wp-content/plugins/revslider/js/rev_admin.js
/wp-content/plugins/revslider/temp/update_extract/revslider/db.php
/wp-content/plugins/robotcpa/f.php
(https://www.exploit-db.com/exploits/37252/)
/wp-content/plugins/showbiz/js/showbiz_admin.js
/wp-content/plugins/simple-ads-manager/js/slider/tmpl.js
/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
/wp-content/plugins/wp-easy-gallery-pro/admin/php.php
/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php
/wp-content/plugins/wp-mobile-detector/cache/db.php
/wp-content/plugins/wp-symposium/server/php/jabqAxkifFpZxp.php
/wp-content/plugins/wp-symposium/server/php/kstfAxviOFpZew.php
/wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php
/wp-content/plugins/wysija-newsletters/js/tinymce/tiny_mce.js
/wp-content/themes/bold-headline/js/jquery.fittext.js
/wp-content/themes/pinboard/404.php
/wp-content/themes/u-design/scripts/script.js
/wp-config.php.bak
/wp-config.php.save
/wp-config.php~
===
Decrypt JS Packer Code:
1. copy and paste the packed code into
http://dean.edwards.name/unpacker/
2. paste the decompressed code into
http://jsbeautifier.org and read the results.
===
Decode Base64:
http://ottodestruct.com/decoder.php
Website Malware and Security Scanner:
http://sitecheck.sucuri.net/scanner/
Website Security Check,
http://www.unmaskparasites.com
===
Security Add-Ons:
1. Acunetix Scanner,
http://wordpress.org/extend/plugins/wp-security-scan/
2. Anti-Malware,
https://wordpress.org/plugins/gotmls/
3. Anti-Virus,
http://wordpress.org/extend/plugins/antivirus/
4. Bulletproof Security,
http://wordpress.org/extend/plugins/bulletproof-security/
5. Database Backup,
http://wordpress.org/plugins/wp-database-backup/
6. Exploit Scanner,
https://wordpress.org/plugins/exploit-scanner/
7. Firewall,
http://wordpress.org/extend/plugins/wordpress-firewall-2/
8. Login Lockdown,
http://wordpress.org/extend/plugins/login-lockdown/
9. Wordfence,
http://wordpress.org/extend/plugins/wordfence/
===
WP Theme Detector:
http://wpthemedetector.com
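
Added example (not part of the original post): one way to check a web server access log for requests to the paths listed above, separating probes that were refused (404/403) from requests that were actually served (2xx), which mean the file exists on the site and needs attention. The log lines are constructed samples in combined log format, and `PROBED_PATHS`, `normalize` and `triage` are names chosen here; only a subset of the list is included.

```python
import posixpath
import re
from urllib.parse import unquote

# Subset of the probed paths from the post (lower-cased); extend with the rest.
PROBED_PATHS = {
    "/uploadify/uploadify.php",
    "/wp-content/plugins/revslider/temp/update_extract/revslider/db.php",
    "/wp-content/plugins/simple-image-manipulator/controller/download.php",
    "/wp-content/plugins/wp-mobile-detector/cache/db.php",
    "/wp-config.php.bak",
    "/wp-config.php.save",
    "/wp-config.php~",
}

# Combined log format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, collapse '/./' and '//'."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def triage(lines):
    """Return {'served': [...], 'probe_only': [...]} of (ip, path, status)."""
    result = {"served": [], "probe_only": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, _method, target, status = m.groups()
        path = normalize(target)
        if path not in PROBED_PATHS:
            continue
        # 2xx means the file was delivered: update/remove it and investigate.
        bucket = "served" if status.startswith("2") else "probe_only"
        result[bucket].append((ip, path, int(status)))
    return result

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2016:10:00:00 +0000] "GET /wp-content/plugins/./simple-image-manipulator/controller/download.php?a=1 HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2016:10:05:00 +0000] "POST /uploadify/uploadify.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.7 - - [01/Jan/2016:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Any entry under `served` for a `wp-config.php` backup name means the file was downloadable, so delete it from the web root and rotate the database credentials and keys it contained.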