pluginkollektiv / antivirus

Useful plugin that will scan your theme templates for malicious injections. Automatically. Every day. For more blog security.
https://wordpress.org/plugins/antivirus/
GNU General Public License v2.0

Add new bad words #67

Open Zodiac1978 opened 4 years ago

Zodiac1978 commented 4 years ago

We could add some more words to the Regex check: https://github.com/pluginkollektiv/antivirus/blob/master/inc/class-antivirus-checkinternals.php#L154

Like functions for adding new administrators (as seen in a recent hack I cleaned up):

wp_create_user
set_role
username_exists
email_exists
add_cap
WP_User

Maybe more concretely, like set_role( 'administrator' )

Zodiac1978 commented 4 years ago

Another one could be preventing errors from being shown: error_reporting(0);

Zodiac1978 commented 4 years ago

After reading the blog post, we could add visitorTracker_isMob to the list of bad words.

From #14

Zodiac1978 commented 4 years ago

According to OWASP there are more filesystem functions we could check for: bzopen and gzopen and chgrp, chown and chmod

And some information disclosure functions like phpinfo, getenv, getmygid/pid/uid.

And for obfuscation, functions like str_rot13
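A small signature scanner in the spirit of the regex check discussed in this thread, added here as an example and not the plugin's own code. The signature table, the category names and the sample PHP are all constructed from the function names proposed above; the plugin's real list lives in class-antivirus-checkinternals.php and may differ.

```python
import re
from collections import Counter
from pathlib import Path

# Signature table constructed from the function names proposed in this thread
# (an assumption for this example, not the plugin's own regex list).
SIGNATURES = [
    ("user-creation",   re.compile(r"\b(?:wp_create_user|username_exists|email_exists|add_cap)\s*\(")),
    ("user-creation",   re.compile(r"\bnew\s+WP_User\b")),
    ("privilege",       re.compile(r"\bset_role\s*\(\s*['\"]administrator['\"]")),
    ("error-hiding",    re.compile(r"\berror_reporting\s*\(\s*0\s*\)")),
    ("known-malware",   re.compile(r"\bvisitorTracker_isMob\b")),
    ("filesystem",      re.compile(r"\b(?:bzopen|gzopen|chgrp|chown|chmod)\s*\(")),
    ("info-disclosure", re.compile(r"\b(?:phpinfo|getenv|getmygid|getmypid|getmyuid)\s*\(")),
    ("obfuscation",     re.compile(r"\bstr_rot13\s*\(")),
]

def scan_source(source: str) -> list[dict]:
    """Return one hit per (line, signature) match: line number, category, matched text."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for category, pattern in SIGNATURES:
            for match in pattern.finditer(line):
                hits.append({"line": lineno, "category": category, "match": match.group(0)})
    return hits

def summarize(hits: list[dict]) -> dict:
    """Count hits per category so a reviewer can rank files by signal, not raw count."""
    return dict(Counter(hit["category"] for hit in hits))

def scan_theme_dir(root: str) -> dict:
    """Scan every .php file under root; map relative path -> hits (files without hits omitted)."""
    base = Path(root)
    report = {}
    for php in sorted(base.rglob("*.php")):
        hits = scan_source(php.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(php.relative_to(base))] = hits
    return report

# Constructed sample resembling the "add a new administrator" injection described above.
SAMPLE_INFECTED = "\n".join([
    "<?php",
    "error_reporting(0);",
    "$uid = wp_create_user( 'svc', 'REDACTED' );",
    "$u = new WP_User( $uid );",
    "$u->set_role( 'administrator' );",
])
SAMPLE_CLEAN = "<?php get_header(); the_post(); get_footer();"
```

Names like username_exists, email_exists or chmod also occur in legitimate theme and plugin code, so a lone user-creation or filesystem hit is a lead for manual review rather than proof of infection; set_role( 'administrator' ) next to error_reporting(0) in a template is the much stronger signal.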