Dangerous WordPress Malware:

Spammers and hackers constantly try to hack WordPress websites and raw PHP websites, but not only those two types: it could be any type of website, because a hacker always attacks the weak point of a website. If the developer who built the website unfortunately left a security hole in it, that helps the hacker: the website can be hacked and malware can be placed on it. The hacker uploads a shell and then tries to upload more files, such as PHP or Python scripts, to execute with root permission or to brute-force cPanel. Once a PHP, Python or XML shell has been uploaded successfully, the hacker can do anything with cPanel. A few servers do not accept those files for security reasons, but some servers accept them easily.

When the hosting provider identifies malware on the website, it generates an email saying that the server has malware and that you must take action, otherwise your plan will be suspended. The message looks like that. Some website owners do not check their messages regularly. That's why they do not know what the problem was and only see that their hosting plan is already suspended. When they contact the hosting provider, they get an offer: if you want the malware removed, you have to pay 300 USD per year. But I remove the malware from your website for only 20 dollars per website.

First Step:
If you have malware on the site, you need to back up the site before removing the malware. There are 2 ways to back up a WordPress site. The first one is a manual backup from cPanel and the second one is through a plugin.
 Manual Backup
  • Go to cPanel -> public_html and select wp-content, .htaccess and the wp-config file. These 3 items need to be zipped and downloaded.

Open the wp-config file and search for DB_NAME. Copy this database name and go to phpMyAdmin.

You will find the option to switch from cPanel to phpMyAdmin.

Then, in the phpMyAdmin panel, search by database name. Here my database name was “wordpress”. Now I search for my database name and click to export the database.

Click Go and download the database.

The manual backup is complete. You can also back up your WordPress site through a plugin (UpdraftPlus or All-in-One WP Migration). It's simple: just activate one plugin and click to back up the site.

Second Step:

Go to cPanel. All files should be deleted except these 3 items (wp-config, .htaccess and wp-content). Then download a fresh copy of WordPress from here (https://wordpress.org/download/) and replace the files that were deleted from cPanel. This means that you upload all files from the fresh download to cPanel, excluding wp-config, .htaccess and wp-content.


Third Step:
Reinstall Plugins : Reinstall all your plugins from the WordPress repository or fresh downloads from the premium plugin developer.

Reinstall Themes : Reinstall your theme from a fresh download. Do not upload your old theme, as you may not recognize which files have been hacked.


Fourth Step:
Activate the Wordfence plugin and scan your website. If your site is hacked, Wordfence will show you many malware files.

See this screenshot. It shows Filename: wp-content\themes\astra\index.php. The malware script now needs to be cleaned from this location.

We have to remove the malware from every file this way. When the malware has been removed from all files, scan the site again with Wordfence. Hope you understand.

Final & Advanced Step:
Often the Wordfence scan results do not show the malware files. In this case you have to go to cPanel and inspect each file. There are 2 ways to detect malware files: look at the modified date of each file, and look for files with unknown names. Some malware scripts may also sit inside the index file of a theme or plugin. You have to check every file manually. Open the file that you suspect and search for eval. If the word eval is present in your file, that means this file is infected with malware. See those screenshots.

 



This screenshot shows a website with malware.

This screenshot shows a website without malware.



Author : Neasher Ahmed


DONE. Have A Good Day.
=============================================



Remove Dangerous WordPress Malware from Your Website



Hi, I am Jewele. I am going to share how to deploy your Django app in cPanel, so let's start. First of all, we need to log in to cPanel. Then we need to find the icon named Setup Python App, shown in the image below, and click it.

Select the icon to set up the Python app

After clicking the icon we get the Setup Python App configuration menu, as seen in the image below.
Python Version : Select the Python version to install in the virtual environment that will run your Django application.
App Directory : Select the directory or folder from which the application will execute. It may be /home/<cpanel Username>/set-to-manually-directory-name
App Domain/URI : This input field is optional. If your cPanel has multiple domains or addon domains, you need to select the domain that will run the Django application, and then set whether you want to use the selected main domain or a subfolder. If you want to use a subfolder, you need to write the subfolder name.
Example : site.com/example


Then click Setup.

After clicking Setup we get the image below.


You can edit the App Directory, App URI and Python Version that were set previously. Now I am going to talk about command execution and Django installation. Let's start.
We can install Django by clicking to show the modules and then selecting the modules we want to install (it could be Django, bs4, Flask, etc.), or we can install it by typing a command in the Execute command field. Just type
pip install django
After installing Django, you can create a new Django app by typing django-admin startproject <Project Name> and then clicking Run or pressing Enter. Or you can upload your pre-developed Django app from a different source into your app directory.
Now the final step: we need to set up the WSGI file location. Let's start.
Click Edit in WSGI File Location to set it. The WSGI file is in your app's base directory:
__init__.py
settings.py
urls.py
wsgi.py
Just set the wsgi.py file location.

How to find the wsgi.py location?

First go to the cPanel dashboard home page, click File Manager and select the app that you created or uploaded. Open it and you will see a folder and the manage.py file. Open the folder and you will see the wsgi.py file. Select it, right-click and choose Edit. In editor mode, the Editing field at the top left shows the absolute file location. Just copy it.
Example :
/home/linkh93o/Tests/Test/Test/wsgi.py:application
You must end the location with the application tag.
Then save.
Now in your settings.py file set
ALLOWED_HOSTS = ['Your Domain']
N.B : Sorry for Bad English. Don’t forget to comment any recommendation or help. 

Run Your Django App In Your Cpanel

HTML and CSS Injection :

Today I will talk about HTML and CSS injection. A web application is built with HTML, CSS and JavaScript, and those are executed on the client side. So if an attacker supplies HTML, CSS or JavaScript code through a URL parameter or an input field, and that code comes back from the remote server and executes successfully on the client side, the web application is vulnerable.

Now I will demonstrate with the PureVPN official website, which has HTML and CSS injection. So let's start.




1st Step : Go to the PureVPN vulnerable website URL.

2nd Step : Now I find the URL parameter, set my plain text in it and hit Enter.



Now we can see the value that I set in the URL parameter. Because the plain text appears on the page, we can call it text injection. Next we try to execute HTML code in this URL parameter; if it executes, the application is vulnerable. The HTML code is also executed.




Now I try CSS code; it also executes in this URL.
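The reflection flaw described above next to its fix, as an added example that is not part of the original post. The page template, the parameter name q, the probe strings and the shop.example URL are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed page template: the URL parameter is shown back to the visitor.
TEMPLATE = "<html><body><p>You searched for: {value}</p></body></html>"
# Constructed probes for the three stages in the post: plain text, HTML, CSS.
PROBES = {
    "text": "hello-test",
    "html": "<h1>hello-test</h1>",
    "css": "<style>p{color:red}</style>",
}


def read_param(url, name="q"):
    """Return the URL-decoded first value of a query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(url):
    """The flaw: the parameter is pasted into the page and parsed as markup."""
    return TEMPLATE.format(value=read_param(url))


def render_hardened(url):
    """The fix: HTML-encode the value so the browser displays it as plain text."""
    return TEMPLATE.format(value=html.escape(read_param(url), quote=True))


def reflection_report(render, base="https://shop.example/search"):
    """For each probe, report whether it comes back unencoded from `render`."""
    report = {}
    for kind, probe in PROBES.items():
        body = render(base + "?" + urlencode({"q": probe}))
        report[kind] = probe in body
    return report


if __name__ == "__main__":
    print("vulnerable:", reflection_report(render_vulnerable))
    print("hardened:  ", reflection_report(render_hardened))
```

With the hardened renderer the plain text is still displayed, but the HTML and CSS probes come back encoded and are no longer parsed by the browser.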




Video  POC



HTML and CSS Injection POC for PureVPN


How to secure your information in cyber-world? 

We depend more on mobile phones and computers every day, and are addicted to video games or online games. But when we communicate with friends or family over the internet, we need to provide some information to social media or other media in order to communicate with each other, such as mobile number, email and birthday. A birthday is even more confidential than a password. We need to make sure this information is secured.
Example:
We use LinkedIn, Facebook, Google, Twitter and Instagram. Those websites require registration, so we have already shared our information with them. As far as we know those websites are the most secure, but we also know the cyber world is not secure: anyone can do anything, anytime, anywhere, if they can ping you. So we can trust them 50% that our data is safe, because most social media now sell our data on the market to collect millions of dollars, or it could be billions. Keep in mind that data is as valuable as gold. For the other 50%, their websites have cyber-security so that no one can get access easily. So we can say our data is 50% secure. But each of us now creates accounts on lots of websites with the same information, so our data is already exposed by some vulnerable web application.
Example:
My name is ABC, my email is abc@abc.com and my birthday is 00.00.0000. I have created an account using this information on a secure social media site or other secure website with a strong password. But if I create an account using the same info on a different, vulnerable website, a hacker can identify me using the information from the vulnerable app. Can you imagine: we may have important conversations on social media, or online banking info down to transaction amounts. A hacker can get access to your secret or confidential info through the vulnerable app just because you used the same info, including the password, on a different website.

How to secure your Facebook account?
Strong Password
Don't use passwords containing words that match your life history or anything related to it, because some hackers do strong social engineering: they can analyze your mentality from your public Facebook posts, photos and the content you share regularly.

Use Two-Factor Authentication

Second, you can set up two-factor authentication. It is the most secure system, because no one can easily get access to your SIM or phone. The cyber world believes no system is safe, but two-factor authentication is much more secure. The system works as described below.
When you try to log in from an unknown browser or IP, a 6-digit authentication code is generated and the Facebook server sends it to your mobile phone, to the SIM number you already set up for your Facebook account. This system is now used by all popular websites, such as the banking services Neteller, Skrill, PayPal and Payoneer, and popular social media such as Facebook, Twitter, Google, Yahoo, Microsoft, etc.

How to set Two-Factor Authentication

1. Log in to your Facebook account
2. Go to Settings
3. Go to the Security and Login option
4. Click Edit and set two-factor authentication using your personal phone number
5. Submit the code which you received
If you are facing some unwanted behavior
Facebook has a special option that shows when and from which browser your Facebook account is being used or was used, and how many devices are still logged in. If you see an unknown device or unknown IP logged in to your account, just log out from this device remotely to keep your Facebook account safe.
How to tell which sessions have expired and which are still active: just follow the instructions
1. Log in to your Facebook account
2. Go to Settings
3. Go to the Security and Login option
4. Scroll down and you can see "Where You're Logged In"
5. If you want to remove a single or selected session, click the option on the right and click Log Out. It will remotely log out from the device.
Or, if you want to log out from all devices, including your own device, you can click Log Out Of All Sessions

How To Secure Your Information In Cyber World || Cyber Security

How To Remove Malware From Web Server

What is Malware?

Malware is just like a script or an unusual tool. It always harms your website, your server or your device. It is used to steal your data, information and money. It is continually made by black hat hackers to earn money in an illegitimate way or to intentionally target someone. Here I would like to discuss a malware that is really adware, auto-generated by the malware on the web server.

I am Shamim. I work on cyber security in the cyber world. I have accounts on Fiverr and Upwork, and I have solved lots of web server malware problems. But I recently faced a unique malware issue on a Hostgator server. The server continually generated adware code in JavaScript and PHP files. That's why all of the websites on the server were redirected to a spam and malware website.



Redirected website Below





How does it work?

The malware is loaded into the index.php file through the header file, using JavaScript CharCode. The code is continually regenerated as random CharCode, and the link creates an infinite loop. When anyone loads the JavaScript file, it sets a cookie whose value is randomly generated.










How to solve it?

  • Check all JavaScript files and remove all of the malware code.

  • Check every header.php file or header file and remove the malware link, as in the image below.
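The manual checks from this post (CharCode strings in JavaScript and header files) and from the WordPress cleanup steps earlier on this page (search for eval, look at the modified date) can be run over a whole site copy at once. This is an added example, not code from the original posts; the sample files, the example.invalid URL and the 7-day threshold are constructed assumptions.

```python
import os
import re
import time

EVAL_RE = re.compile(r"\beval\s*\(")  # the page's manual "search by eval" check
CHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)")


def decode_charcodes(text):
    """Decode each String.fromCharCode(n, n, ...) call into the text it hides."""
    return ["".join(chr(int(n)) for n in m.group(1).split(",") if int(n) < 0x110000)
            for m in CHARCODE_RE.finditer(text)]


def scan_tree(root, recent_days=7):
    """Return .php/.js files under root that deserve a manual look, with reasons."""
    now, findings = time.time(), []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".js")):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                text = handle.read()
            hidden = decode_charcodes(text)
            recent = now - os.path.getmtime(path) < recent_days * 86400
            reasons = [label for label, hit in (("eval", EVAL_RE.search(text)),
                       ("charcode", hidden), ("recently-modified", recent)) if hit]
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append({"file": rel, "reasons": reasons, "decoded": hidden})
    return sorted(findings, key=lambda item: item["file"])


def build_sample_site(root):
    """Write a small constructed site (harmless stand-ins, not real malware)."""
    codes = ",".join(str(ord(ch)) for ch in "https://example.invalid/ad.js")
    samples = {  # relative path -> (content, age of the file in days)
        "index.php": ("<?php require 'wp-blog-header.php';", 400),
        "wp-content/themes/astra/index.php": ("<?php eval(base64_decode($blob));", 400),
        "wp-content/themes/astra/header.php":
            ("<script>var u = String.fromCharCode(" + codes + ");</script>", 2),
    }
    for rel, (content, age_days) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(content)
        os.utime(path, (time.time() - age_days * 86400,) * 2)
```

Run `build_sample_site` on an empty temporary directory and then `scan_tree` on it to see the output; on a real backup, each finding is a file to open and review, and the decoded text shows what a CharCode string hides without running it.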

How to Remove malware from Wordpress || deloq.site, tityx.com and bacic.pro Malware

How To Do Brute Force Attack || Cyber Security Blog



A brute-force attack consists of an attacker trying many word lists or many letter combinations in the hope of guessing correctly.
The attacker systematically checks all possible word lists and letter combinations until the correct one is found. Alternatively,
the attacker can attempt to guess the key, which is typically created from the password using a key derivation function.
This is known as an exhaustive key search.




Brute Force Tools:
Burp Suite
and a custom word list



1. First we visit the target website.
2. Then we open Burp Suite and configure the proxy settings in Mozilla Firefox or any browser.
3. Then we set up the proxy in Burp Suite with Intercept on.
4. We try to log in to our target website.
5. Then go to Proxy, HTTP History, right-click the request and send it to Intruder.
6. Now go to the Intruder option and select Positions.
7. Then clear all variables and select only the target variables which you want to brute force.
8. Select Cluster Bomb.
9. Then select Payload and add all possible words. If you already know the username, select only one username. If you don't know your target user's username, you can set a list of all possible words.

Then set the password from the list of all possible words.

Tab no. 1 is only for the username.
Do the same for the password list, which I have already completed.

You can add words by typing them in Burp Suite, or you can make a word list in a txt file and select it.

Now select an object. The object is the error message that the target website generates when you try to log in with wrong user info: copy that error message and add it in payload processing.

After all configuration, click Start attack.
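From the defender's side, the login traffic this procedure produces is easy to recognise: many failed logins from one client in a short time, often across several usernames. The detector below is an added example, not part of the original post; the log format, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_log():
    """Constructed login log lines: time, client IP, username, outcome."""
    start = datetime(2024, 5, 1, 10, 0, 0)
    # One client cycling through usernames and passwords, one failure per second.
    lines = [f"{(start + timedelta(seconds=i)).isoformat()} 203.0.113.7 "
             f"{('admin', 'editor')[i % 2]} FAIL" for i in range(8)]
    # A real user who mistypes twice and then logs in.
    lines += ["2024-05-01T10:00:03 198.51.100.20 alice FAIL",
              "2024-05-01T10:00:20 198.51.100.20 alice FAIL",
              "2024-05-01T10:00:41 198.51.100.20 alice OK"]
    return lines


def parse(line):
    """Split one log line into (time, ip, username, failed?)."""
    stamp, ip, user, outcome = line.split()
    return datetime.fromisoformat(stamp), ip, user, outcome == "FAIL"


def detect_bruteforce(lines, max_failures=5, window=timedelta(minutes=1)):
    """Flag each IP the first time it exceeds max_failures failed logins per window."""
    recent = defaultdict(deque)  # ip -> (time, username) of failures inside the window
    alerts = {}
    for stamp, ip, user, failed in sorted(parse(line) for line in lines):
        if not failed or ip in alerts:
            continue
        queue = recent[ip]
        queue.append((stamp, user))
        while stamp - queue[0][0] > window:
            queue.popleft()
        if len(queue) > max_failures:
            users = sorted({name for _, name in queue})
            alerts[ip] = {"failures": len(queue), "usernames": users,
                          "since": queue[0][0].isoformat(),
                          "kind": "many usernames" if len(users) > 1 else "one username"}
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(sample_log()).items():
        print(ip, alert)
```

An alert like this is the trigger for rate limiting or temporary lockout of the client; the user who mistyped twice stays below the threshold.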



How To Do Brute Force Attack || Cyber Security Blog