If you are not familiar with it, CloudFlareis a free service that provides security and performance boosting for your website. Given the Pros, and essentially 0 cons I reccomend setting it up whenever possible. Due to the fact that there is no real visible sign that CloudFlareis running on your website, it is sometimes necessary to verify this via inspection. This is mildly tedious as it requires going through your browser headers and searching for several strings of information that let you know CloudFlare is active. Since no one else seems to have done it -- I've created a simple tool that verifies that CloudFlare resources are being cached so you can know for certain (via experiment) that things are working.
So there have been a rash of next generation Malware scripts that are using some tools that make them much more difficult to be detected. This post is intended to be a reference to several of the important REGEX patterns that I was albe to use to find the Malware packages to be removed.
<?php $GLOBALS['q489'] = "\x64\x69\x5c\x2b\x6c\x40\x59\x79\x30\x44\x6f\x3a\x27\x2e\x72\x57\x38\x49\x2a\x45
Can be detected with the following string
Here is another string to detect base64_decode strings with long packages that could indicate that something malicious is hiding
Also be sure to be on the look out for these other functions I've seen in conjunction with Malware
A few months back I wrote several search extensions for Virtuemart that use the Smart Search or com_finder extension. Last week, D Stockman from Oklahoma reached out to me to suggest creating another version of the Smart Search plugin that works for Virtuemart Manufacturers. There are now three plugins available!
I have also modified the VM Products plugin so that it adds manufacturer taxonomy as well as category taxonomy. This means products can be filtered by their manufacturer!
Decrypt your HeidiSQL configuration passwords.
Base64 Encrypt or Decrpyt a string.
As someone who frequently works with Dreamweaver, its not uncommon to find the only copy of your FTP password is located in that pesky Dreamweaver .ste file. The problem is that this password is encrypted to make it possible to share the .ste file with others without actually sharing the password. The reality is the encryption that is being used is very rudimentary which makes it possible to use a script to decrpty the stored password very easily.