Dangerous WordPress Malware :
A spammer or hacker always try to hack WordPress website or raw PHP website, it's not only those two type website. It could be any type of website. Because a hacker always tries to attack week point into the website. So who developer developed this website and unfortunate keep the security whole into the website it will help for hacker and it could be hacked by the hacker and they could put some malware into this website. The hacker put some shell and try to upload more file like some PHP or python script to execute root permission or brute force to hack cpanel but a hacker anything can do with cpanel if they had successfully uploaded PHP, python, XML shell. Few servers do not accept those file for security reason. But some server accept easily when they can identify the website have some malware then they will generate an email that this server has some malware please take action otherwise your plane will suspend. The message was look like that. some website owner are not check their message continue. That's why they don't know what was problem and they can see only, already hosting plane suspended.They want to contact with hosting provider they are throw a offer that if you want to remove malware you have to pay 300 USD per year.But i am remove the malware from your website only for 20 dollar for each website.
First Step:
If you have malware on the site, you need to backup the site before removing the malware. There are 2 ways to get backup to the WordPress site. The first one is manually backup from Cpanel and the second one is through the plugin.
Manually Backup
- Go to ----> cpanel -> public_html -> (wp content, htaccess & wp-config file zip) These 3 files need to be zipped and downloaded.
Open the ----> wp-config file and search there DB_NAME. Copy this database name and goto phpmyadmin.
You will find the option to switch from cPanel to PhpMyAdmin.
Then In the phpmyadmin Panel, search by database name. See there my database name was “wordpress”. Now I am searching for my database name and click to export database.
Click to go and download the database
Manually backup is complete. You will backup your wordpress site through (updraftplus & all in one wp migration) this plugin. It’s simple, just active one plugin and click to backup site.
Second Step:
Goto Cpanel ----> All files should be deleted except these 3 files (wp config, htaccess and wp content). Then download the WordPress Fresh file from here (https://wordpress.org/download/) and replace the files that have been deleted from cPanel.This means that you can upload all files to cPanel, Exclude the (wp config, htaccess and wp content) this file from your downloaded fresh file.
3rd step:
Reinstall Plugins : Reinstall all your plugins from the WordPress repository or fresh downloads from the premium plugin developer.
Reinstall Themes : Reinstall your theme from a fresh download. Do not upload your old theme, as you may not recognize which files have been hacked.
4th Step:
Activate wordfence plugin and scan your website. If your site is hacked, wordfence will show you many malware files.
See this screenshot. There are Filename: wp-content\themes\astra\index.php. Now It needs to clean the malware script for this location.
This way we have to remove the malware from every file. When the removal of malware from all files is finished then it will be scanned again with wordfence. Hope you understand.
Final & Advanced Step:
Many times malware files on wordfence do not show scan results. In this case you have to go to cPanel. Each file should be monitored. There are 2 ways to detect malware files. You will see the modified date of each file. Some malware files will have filenames with unknown names.And some malware scripts may contain the theme and plugin's index file.You have to manually check every file. Open the file that you suspect and search by eval. If eval word is stay your file that means this file is infected with malware. See those screenshots.
Now remove the malware code. When removal is done then you check the status of your website. Sucuri Site Scan
This screenshot is malware website.
This screenshot is without malware.
DONE. Have A Good Day.
=============================================
Remove Dangerous WordPress Malware from Your Website
HTML and CSS Injection :
Today i will talk about HTML and CSS injection. Any web application design by HTML, CSS and JavaScript, those are executed in client server. So if any attacker try with execute html or CSS or JavaScript code using URL parameter or input field and if successfully execute in client server via remote server. So this web application is vulnerable.
Now i will Demonstrate with PureVPN Official Website, That contain have HTML and CSS Injection. So Lets Start
Today i will talk about HTML and CSS injection. Any web application design by HTML, CSS and JavaScript, those are executed in client server. So if any attacker try with execute html or CSS or JavaScript code using URL parameter or input field and if successfully execute in client server via remote server. So this web application is vulnerable.
Now i will Demonstrate with PureVPN Official Website, That contain have HTML and CSS Injection. So Lets Start
1st Step : Go to the PureVPN Vulnerable website url
2nd Step : Now i am going to find out URL parameter and set my plain text and hit my enter button.
Now we can see the value that content i was set into URL parameter. So Now we can see plain text so we can call it text injection. Ok now we can try with execute html code into this URL Parameter if it will execute this application is vulnerable. So now the HTML code is also executed
Now I am going try with CSS code it will also execute in this URL.
Video POC
HTML and CSS Injection POC for PureVPN
What is Malware ?
Malware is just like a script or unusual tools. It's always harm your website or server and your device. It used for thief your Data or information and money. It's continue made by some Black Hat Hacker to earn money to Black way or Intentionally on someone. but i would like discuss about malware but it's adware but it auto generate from the Malware in web server.
I am Shamim. I am working with cyber security in cyber world. I have an account Fiverr and Upwork I have been solved lot's of web server malware problem. But I am recently face an unique malware issue for Hostgator server. The server has continue generate some adware code into JavaScript and PHP file. That's way your server all of website redirected into a spam and malware website.
Redirected website Below
How to worked ?
The malware load into index.php file using header file by Javascript CharCode. The code continue generate as randomly CharCode. Also the link create infinity loop. When any one load the JavaScript file it will create an set cookie and set cookie value is randomly added.
How to Solved ?
- Please check all of Javascript file and removed all of the Malware code.
- Check all header.php file or Header file and you have to removed malware link according to image below
How to Remove malware from Wordpress || deloq.site, tityx.com and bacic.pro Malware
How To Do Brute Force Attack || Cyber Security Blog
A brute-force attack consists of an attacker trying many word list or Many latter Combination with the hope of Luckily guessing correctly.
The attacker systematically checks all possible Word lists and latter Combination until the correct one is found. Alternatively,
the attacker can attempt to guess the key which is typically created from the password using a key derivation function.
This is known as an exhaustive key search.
1. First we have visit Target website
2. Then we have to open Burp Suite and setting proxy setting in Mozilla Firefox or Any Browser.
3. Then we have to setup Proxy in Burp Suite as a Intercept on.
4. We have try to login in our target website.
5. Then Proxy HTTP History and click right button on your mouse and sent Intruder
6. And Now go to Intruder Option
select Positions
7. Then clean all Variable and select only those things or target variable which u want to brute force
8. and Select Cluster Bomb
9. Then Select Payload and and now you can add all possible words.IF you already know about username then select only one username. if you don't know your target user's username, u can set all possible words List.
Then set password from all possible words list.
Only for username in tab no 1
same. for password list which i have already completed
You can add words by type on burp suite or u can make a word list in txt file.and select it.
Now select any object. The object will be " when u want to login in your target website by typing any user and it will generate error massage if your user info is wrong then error massage make copy and add payload processing
afar all configuration we have click start attack
A brute-force attack consists of an attacker trying many word list or Many latter Combination with the hope of Luckily guessing correctly.
The attacker systematically checks all possible Word lists and latter Combination until the correct one is found. Alternatively,
the attacker can attempt to guess the key which is typically created from the password using a key derivation function.
This is known as an exhaustive key search.
Brute Force Tools :
Burp Suite
And Custom Word List
1. First we have visit Target website
2. Then we have to open Burp Suite and setting proxy setting in Mozilla Firefox or Any Browser.
3. Then we have to setup Proxy in Burp Suite as a Intercept on.
4. We have try to login in our target website.
5. Then Proxy HTTP History and click right button on your mouse and sent Intruder
6. And Now go to Intruder Option
select Positions
7. Then clean all Variable and select only those things or target variable which u want to brute force
8. and Select Cluster Bomb
9. Then Select Payload and and now you can add all possible words.IF you already know about username then select only one username. if you don't know your target user's username, u can set all possible words List.
Then set password from all possible words list.
Only for username in tab no 1
same. for password list which i have already completed
You can add words by type on burp suite or u can make a word list in txt file.and select it.
Now select any object. The object will be " when u want to login in your target website by typing any user and it will generate error massage if your user info is wrong then error massage make copy and add payload processing
afar all configuration we have click start attack
How To Do Brute Force Attack || Cyber Security Blog
Today I want to talk about Two-Factor Authentication Code problem.
Two Factor Authentication is better security for any web Application and this Logic using maximum Web Application.
This security system using that if any hacker got the password from any Facebook account or Web Applications they can not get access their phone number easily. That why it called batter security.But if you try to use Two Factor Authentication code in second time to login to Facebook account it should work successfully unlimited time in Three minutes.I tried and it worked you can see below on video, How to it worked. But Facebook said it's not a bug.
Two-Factor Authentication Code To Login 2nd Time in Facebook users Account || Cyber Security Tech Blog
Today I will discuss Cracking password. The password is the common thing to secure your virtual world like intranet accounts mobile pc or any other devices. Anyone can crack any password. But it has some condition like it maybe takes too big time or few. It depends on Password cracking Algorithm or sometimes you can crack easily in few minutes if you make special word-list for individual password crack and if your luck with you.
Every Cyber Security specialist suggest that use the strong password to keep safe online or any account. But if a hacker gets your encrypted password it's should be cracked.But it's one kind of suggestion not decision. because if you make strong password it will so hard to crack your password but still cracked able this password.
Here is one another thing to get password easily if a user uses common password in everywhere with the same password.
How to find this password?
First of all, I want to say this trick will work well or maybe not worked well.But you can try.Suppose you want to get access any victim account this account should be anywhere. Just collect some information about your victim, like email, name or How much info you have collected.Then search in google and found Where is the place the victim did create account and you can try get access any vulnerable website with the database.If you got success, you should get the user password and now you can try to login with which account get to access using this password.The maximum user uses one password in everywhere.so While it will work well if the user uses one password in everywhere.
Now I want to discuss Cracked MD5 or SHA-1 Hashes
How to Crack MD5 or SHA-1 Hashes?
1. Download the The Cracker
2. Extract The ZIP file.
3. Copy cmd.exe from Default windows installation drive it's should be C: drive.
How to cracked Password || Easiest Way || Cyber Security Blog
Educational Purpose Only
To day i will discuss about email. All internet user always given first priority to email and in future it's will same position. Every internet user have email. But someone use gmail,yahoo, mail, Microsoft email or they can use private email server with own domain.
What is email ?
Email is someone sent you to something and you will received that means it called information shearing. Virtual things Give and Take.
But now maximum user use email for anywhere to create account and need to maintenance by the email. So every user email need to security from hacker.
How to secure your Email ?
Firstly please keep in your mind Cyber world is not secure. You have to make believed it. Any time can occurs anything. No one give you guaranty that online is secure.
- Keep Strong Password and
- Change your password after few days
- Don't use common password
- Don not use email password in any where
- keep on your Second step verification.
Always check where from you are login your email account (Gmail) and if seen number of device with you have connect so make sure those device is it your's or not. if not remote logout from this.
Why you have to use different password in different website to Make sure your Secures ?
Suppose you are using gmail. Gmail have much security. If anyone want to crack your password it's not easy, so difficult. But if you use this email information in create account in anywhere like buy sell product or alluring website or any where.
So when you create your account using any information it's always saved in there database
so now think about it.
No one easily hack gmail account but if you use your gmail info with password to create an account in unsecured website which website any one can hacked. Easily your gmail account got hacked. So carefully use your information to create any profile in any website.
How to Avoid Scam or unwanted email or How to understand About SCAM Email or Spoofed Mail .
Disclose your email row data and find which server from this email come from.
Please the Image and follow it .
How to Make sure our security from any email come to you || Cyber Security and Web Consultancy
- Run the Windows operating system that you want to use
- Go to Windows Button then search Run and then type %windir%, and then click OK.
Or
- Yo can go with My Computer then click your windows installation Folder (Default C: drive).
- Remember This folder will open.(This folder is Working windows folder).Don't try to delete or remove or rename.
- Find the Windows old folder and remove or delete it and click yes to confirm.
- Now Right click on My Computer or Computer then click Properties.
- Now select Advance tab with Startup and Recovery then click setting then it will show The Startup and Recovery dialog box
- Under System startup, click Edit to modify the Boot.ini file.
The Boot.ini file opens in Notepad and looks similar to the following:
- Click on file in notpade and click save as then backup copy of the boot.ini that name as boot.old.Then exit to close it.
In the [boot loader] section of the Boot.ini file, identify and then delete the line of text for the Windows operating system that you want to remove. For example, if the Windows folder that you removed in step 4 was for the Microsoft Windows XP Home Edition operating system, remove the following line of text from the Boot.ini file:
- click the file in notpade and save it as boot.ini file.then exit it.
- Click OK to close the Startup and Recovery dialog box.
- Restart your computer.
Source : Microsoft
How to remove second installation file or Multiple Operating System
By Firewal Ami
To create a bootable USB drive manually we will use Command Promote windows default Program.Here are step by step to create a boot able USB drive as the windows installation media,We require minimum 4 GB for Manually capacity.If you have . larger capacity, ok most welcome.
1.First you need to open Command Promote (CMD).Click Start Button and type CMD and open it with Administration.
2.Type diskpart
3.Then Type "list Disk"
It will show Disk list..Such as first or Disk 0 is showing Your hard drive then next all off showing external hard drive (such as pen drive )
4. Then which drive i want to boot able.Now i want to show Disk 1. Because Disk 1 is my pen drive. So let Start
Type "select disk 1"
5. You need to clean your Disk-part. So type "clean"
6. Now you need to create partition. So type "create partition primary"
Now Let's Enjoy !!!!!!!!!!!!!!
Make Bootable USB pendrive for ALL Windows || Cyber Security Blog
YouTube
YouTube is most popular video sharing site.But it's have some Limitation.No one can not upload piracy video or content.But maximum funny video and Music video Tutorials adventure etc publish in YouTube. But sometime you need to download some video.Some People can download video by using some tricks and tools. Also i want share some Tricks and tools.
How to Download Video From YouTube :
Just go to your Target Video URL and add www.10 or www.ss then all same.You can Follow My GIF Format Photo.
How to Download Video From YouTube Using Tools :
YouTube Download Manager (YTD):
It's one of another most popular tool for video download.It's also premium software.You can also get cracked version from torrent website.
How to Use ?
Just copy target video url and paste the it in paste section on the app.Then download it all Size's.
What is Torrent ?
TORRENT is a file extension for a BitTorrent file format used by BitTorrent clients. Torrent files contain text and point out the trackers for a download to begin downloading from distributors (known as seeders) and requesting clients (known as leachers) P2P Connection.
If you want to download any file from torrent website. Just go to torrent website and collect Torrent hash code (But you must need install utorrent app or Torch Browser) and add the hash code with the code. (magnet:?xt=urn:btih:??????????????????????????).
YouTube is most popular video sharing site.But it's have some Limitation.No one can not upload piracy video or content.But maximum funny video and Music video Tutorials adventure etc publish in YouTube. But sometime you need to download some video.Some People can download video by using some tricks and tools. Also i want share some Tricks and tools.
How to Download Video From YouTube :
Just go to your Target Video URL and add www.10 or www.ss then all same.You can Follow My GIF Format Photo.
How to Download Video From YouTube Using Tools :
YouTube Download Manager (YTD):
It's one of another most popular tool for video download.It's also premium software.You can also get cracked version from torrent website.
How to Use ?
Just copy target video url and paste the it in paste section on the app.Then download it all Size's.
What is Torrent ?
TORRENT is a file extension for a BitTorrent file format used by BitTorrent clients. Torrent files contain text and point out the trackers for a download to begin downloading from distributors (known as seeders) and requesting clients (known as leachers) P2P Connection.
If you want to download any file from torrent website. Just go to torrent website and collect Torrent hash code (But you must need install utorrent app or Torch Browser) and add the hash code with the code. (magnet:?xt=urn:btih:??????????????????????????).
How to Download Video From Youtube, Facebook and Torrent
How to Take Screen Shot
Using free Software to take Screenshot
- From Windows
- Which movement to take screen shot on your pc and then Press (Print Screen Sys Rq or prt sc) Key.
- Then Open paint application (Windows Default software ).You can also search in your pc "Paint".When it open just Press (Ctrl+v) or paste it.and save it.
- You can use Snipping Tool.
- Just Search on your pc to using to the keyword (Snipping Tool) and open it.Then you can press New and save it.
Using free Software to take Screenshot
- 1st you need to Download this Software and Need to Install this.After Successfully install it.Then you need to run this application and take Screen Shot as a PNG format.You can also take as a GIF format with edit option
How to Take Screenshot Using Software and Default Windows Application
By Firewal Ami
About Udemy
Few expert instructor are offer there paid course in free for Publicity by Creating coupon code.I have coupon code available for every category. It's limited.If you want to Udemy Course coupon code.Just Comment Blew.i will try to give you coupon code.
Few Course name
2. How to Create Internet Stores the EASY WAY Using Wordpress $20, 100% FREE
3. Successful Interpersonal Interactions For Entrepreneurs $20, 100% FREE
4. Project Scope Management: Writing Good Requirements $95, 100% FREE
5. The iOS 10 Bible™ | Swift 3 & Objective-C for Beginners $100, 100% FREE
6. Aprende Ionic 2 desde cero: Curso inmersivo $145, 100% FREE
7. Am I Experiencing Domestic Abuse and Is It Time To Go $29, 100% FREE
8. The Complete Instagram Marketing Course - 7 Courses In 1 $200, 100% FREE
9. HTML5 & CSS3 : Landing Pages for Entrepreneurs 2016 $20, 100% FREE
10. 11 Dangerous Mistakes Affiliate Marketers Should Avoid $20, 100% FREE
11. PM IT: Project Management Professional for Software Projects $20, 100% FREE
12. Email Marketing Mastery: Convert Your Leads into Buyers $200, 100% FREE
13. Comienza con SQL: Descarga los datos tu mismo con SQL! $30, 100% FREE
14. Building Websites Web Design HTML and CSS $75, 100% OFF
15. Running a Business - Bar & Hospitality Management Course $100, 100% OFF
16. Speak Spanish from day 1 + Skype time with our instructors! $20, 100% OFF
and more ...............................
Udemy is the world’s online learning marketplace, where 10 million+ students are taking courses in everything from programming to yoga to photography–and much, much more. Each of there 40,000+ courses is taught by an expert instructor, and every course is available on-demand, so students can learn at their own pace, on their own time, and on any device.
Few expert instructor are offer there paid course in free for Publicity by Creating coupon code.I have coupon code available for every category. It's limited.If you want to Udemy Course coupon code.Just Comment Blew.i will try to give you coupon code.
Few Course name
2. How to Create Internet Stores the EASY WAY Using Wordpress $20, 100% FREE
3. Successful Interpersonal Interactions For Entrepreneurs $20, 100% FREE
4. Project Scope Management: Writing Good Requirements $95, 100% FREE
5. The iOS 10 Bible™ | Swift 3 & Objective-C for Beginners $100, 100% FREE
6. Aprende Ionic 2 desde cero: Curso inmersivo $145, 100% FREE
7. Am I Experiencing Domestic Abuse and Is It Time To Go $29, 100% FREE
8. The Complete Instagram Marketing Course - 7 Courses In 1 $200, 100% FREE
9. HTML5 & CSS3 : Landing Pages for Entrepreneurs 2016 $20, 100% FREE
10. 11 Dangerous Mistakes Affiliate Marketers Should Avoid $20, 100% FREE
11. PM IT: Project Management Professional for Software Projects $20, 100% FREE
12. Email Marketing Mastery: Convert Your Leads into Buyers $200, 100% FREE
13. Comienza con SQL: Descarga los datos tu mismo con SQL! $30, 100% FREE
14. Building Websites Web Design HTML and CSS $75, 100% OFF
15. Running a Business - Bar & Hospitality Management Course $100, 100% OFF
16. Speak Spanish from day 1 + Skype time with our instructors! $20, 100% OFF
and more ...............................
Udemy Coupon code Free
Today i will discuss about Facebook malware.Few Spammer make malware script upload few free hosting server or google blog spot.Then share it on Social Media.If you click the Spam link it's only take some permission from Facebook account.Such as Create Post, Massage, Share, with Tag.Even It make a link using your photo(Who click the link).It's a attractive post for every people..so be care full do not click every link Without confirm.
Few CSE student also effected by this malware.It's very disappoint for us.
How to Remove Malware
Few CSE student also effected by this malware.It's very disappoint for us.
How to Remove Malware
- Login your FB Account
- Download Facebook Malware remover
- Open it and Automatic Clean Your all Malware Post also if you have malware Plugin in your Browser it also removed.
How to Remove spam from Facebook
By Firewal Ami
Sample Step to always keep secure your Gmail Account
Gmail or any mail security is mandatory.Because you to used all of website to create account or others service.If your mail will hacked i think your all of Should hacked.
When you create you your gmail account, Please note your,Full name, gmail creation date, recovery mail and Password keep secure it.Don't share it with others.If any body know these information he/she can access in the gmail.
1) 2nd Step verification
When you login from different browser and device, it will sent you a unique key in your Phone number, Which phone number you have setup in your gmail account.
Phone Verification is most powerful secure option.Because, If any hacker will know your mail and mail password he can not login your gmail.
2) Clean Your Browser Data
When your work will end.You need to log out from browser and also need clean your all browser data.
Gmail or any mail security is mandatory.Because you to used all of website to create account or others service.If your mail will hacked i think your all of Should hacked.
When you create you your gmail account, Please note your,Full name, gmail creation date, recovery mail and Password keep secure it.Don't share it with others.If any body know these information he/she can access in the gmail.
1) 2nd Step verification
When you login from different browser and device, it will sent you a unique key in your Phone number, Which phone number you have setup in your gmail account.
Phone Verification is most powerful secure option.Because, If any hacker will know your mail and mail password he can not login your gmail.
2) Clean Your Browser Data
When your work will end.You need to log out from browser and also need clean your all browser data.
How to Secure Your Google Email
By Firewal Ami
Follow Three step to makes secure your Facebook Account.
1) Enable Second Step Verification
Go to Home -> Account Settings -> Security -> Login Approvals
 |
| Facebook Secure 1 |
 | |
|
 | |
|
Set up your personal phone number.When you try to login from different browser.it will sent you 6 digit security key.
if any hacker get your password, They can not login your account without security key.
(2)To Enable Login Notification
Go to Home Account Settings -> Security -> Login Alerts.
 |
| Facebook Secure 4 |
3) Always check your Active Sessions.
It will provide you that Which device from log in now and which device from log in,also It will provide every login activity.
 |
| Facebook Secure 5 |
To Check Active Sessions
Go to Home -> Account Settings -> Security -> Where You're Logged In
4) Clean Your Browser data after logout from your device
You can use click and Clean Adons for clean your Browser data.
How to Secure your Facebook account from Hackers
By Firewal Ami
Subscribe to:
Comments (Atom)
