If you are not familiar with it, CloudFlareis a free service that provides security and performance boosting for your website. Given the Pros, and essentially 0 cons I reccomend setting it up whenever possible. Due to the fact that there is no real visible sign that CloudFlareis running on your website, it is sometimes necessary to verify this via inspection. This is mildly tedious as it requires going through your browser headers and searching for several strings of information that let you know CloudFlare is active. Since no one else seems to have done it -- I've created a simple tool that verifies that CloudFlare resources are being cached so you can know for certain (via experiment) that things are working.
So there have been a rash of next generation Malware scripts that are using some tools that make them much more difficult to be detected. This post is intended to be a reference to several of the important REGEX patterns that I was albe to use to find the Malware packages to be removed.
<?php $GLOBALS['q489'] = "\x64\x69\x5c\x2b\x6c\x40\x59\x79\x30\x44\x6f\x3a\x27\x2e\x72\x57\x38\x49\x2a\x45
Can be detected with the following string
\<\?php.*(\\x[a-zA-Z0-9]*?)+
Here is another string to detect base64_decode strings with long packages that could indicate that something malicious is hiding
base64_decode(.{200,})
eval\(.*?base64_decode\(.{200,}
Also be sure to be on the look out for these other functions I've seen in conjunction with Malware
str_rot13(), assert()
A few months back I wrote several search extensions for Virtuemart that use the Smart Search or com_finder extension. Last week, D Stockman from Oklahoma reached out to me to suggest creating another version of the Smart Search plugin that works for Virtuemart Manufacturers. There are now three plugins available!
I have also modified the VM Products plugin so that it adds manufacturer taxonomy as well as category taxonomy. This means products can be filtered by their manufacturer!
I was recently setting up some web based forms for decrypting HeidiSQL passwords from the configuration file and decided that I wanted to do it in PHP server side instead of with Javascript. I found jpatters code on Github which I forked and ported to run on PHP. My code on Github is here, and you can use the form I created here!
Decrypt your HeidiSQL configuration passwords.
Base64 Encrypt or Decrpyt a string.
As someone who frequently works with Dreamweaver, its not uncommon to find the only copy of your FTP password is located in that pesky Dreamweaver .ste file. The problem is that this password is encrypted to make it possible to share the .ste file with others without actually sharing the password. The reality is the encryption that is being used is very rudimentary which makes it possible to use a script to decrpty the stored password very easily.