If you are not familiar with it, CloudFlare is a free service that provides security and performance boosting for your website. Given the pros and essentially zero cons, I recommend setting it up whenever possible. Because there is no real visible sign that CloudFlare is running on your website, it is sometimes necessary to verify this via inspection. This is mildly tedious, as it requires going through your browser headers and searching for several strings of information that let you know CloudFlare is active. Since no one else seems to have done it -- I've created a simple tool that verifies that CloudFlare resources are being cached so you can know for certain (via experiment) that things are working.
So there has been a rash of next-generation malware scripts that use tools that make them much more difficult to detect. This post is intended to be a reference to several of the important REGEX patterns that I was able to use to find the malware packages to be removed.
<?php $GLOBALS['q489'] = "\x64\x69\x5c\x2b\x6c\x40\x59\x79\x30\x44\x6f\x3a\x27\x2e\x72\x57\x38\x49\x2a\x45
Can be detected with the following string
\<\?php.*(\\x[a-zA-Z0-9]*?)+
Here is another string to detect base64_decode strings with long packages that could indicate that something malicious is hiding
base64_decode(.{200,})
eval\(.*?base64_decode\(.{200,}
Also be sure to be on the lookout for these other functions I've seen in conjunction with malware
str_rot13(), assert()
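The patterns above applied as a line-by-line scanner, as an added example that is not part of the original post. The rule names, the suspicious/review/clean verdicts and the sample file contents are constructed for illustration; the three regexes are copied from the post as written.

```python
import re

# Regexes copied from the post; the rule names are hypothetical labels.
RULES = {
    "hex_escaped_php": re.compile(r"\<\?php.*(\\x[a-zA-Z0-9]*?)+"),
    "long_base64_decode": re.compile(r"base64_decode(.{200,})"),
    "eval_base64_decode": re.compile(r"eval\(.*?base64_decode\(.{200,}"),
    # Functions the post lists as seen alongside malware. They also occur in
    # legitimate code, so they are treated as weak signals here (assumption).
    "str_rot13_call": re.compile(r"\bstr_rot13\s*\("),
    "assert_call": re.compile(r"\bassert\s*\("),
}
WEAK = {"str_rot13_call", "assert_call"}

# Constructed sample file contents (not real malware).
SAMPLES = {
    "hex.php": '<?php $GLOBALS[\'a1\'] = "\\x64\\x69\\x5c\\x2b";\n',
    "b64.php": '<?php\neval(base64_decode("' + "QUJD" * 60 + '"));\n',
    "rot.php": '<?php echo str_rot13("uryyb");\n',
    "clean.php": '<?php echo "hello";\n',
}


def scan_text(text):
    """Return (line_number, rule_name) hits for one file's contents."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.append((lineno, name))
    return hits


def verdict(hits):
    """Strong rule hit -> suspicious; only weak hits -> review; none -> clean."""
    names = {name for _, name in hits}
    if names - WEAK:
        return "suspicious"
    return "review" if names else "clean"


def scan_samples():
    return {path: verdict(scan_text(body)) for path, body in SAMPLES.items()}


if __name__ == "__main__":
    for path, result in scan_samples().items():
        print(f"{path}: {result} {scan_text(SAMPLES[path])}")
```

The patterns match within a single line because `.` does not cross newlines, so a payload split across lines needs the file joined or the `re.DOTALL` flag before scanning.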
As someone who frequently works with Dreamweaver, it's not uncommon to find that the only copy of your FTP password is located in that pesky Dreamweaver .ste file. The problem is that this password is encrypted to make it possible to share the .ste file with others without actually sharing the password. The reality is that the encryption being used is very rudimentary, which makes it possible to use a script to decrypt the stored password very easily.