Webmaster Security

Do nulled scripts contain malware?

Submitted by leemonadestand, , Thread ID: 130912

Thread Closed
19-05-2019, 08:16 AM
#1
Do nulled scripts contain malware or is that just hype?

I'd like to see file comparisons with diff tools to see what PHP lines have been altered. Anything like that ever available?

For Wordpress, specifically, what do you use to scan for malware in your plugins?

RE: Do nulled scripts contain malware?

#2
19-05-2019, 08:16 AM
leemonadestand Wrote:
Do nulled scripts contain malware or is that just hype?

I'd like to see file comparisons with diff tools to see what PHP lines have been altered. Anything like that ever available?

For Wordpress, specifically, what do you use to scan for malware in your plugins?

Of course some nulled scripts contain backdoors - not so sure about malware - although it is possible.

There are some tools that analyze malware. For Wordpress it can be hit or miss. Because its so widely used, it's honestly one of the highest targeted softwares out there. I recently cleaned a client site that was infected with a botnet payload throughout many of the website core files.

Sucuri offers pretty good products and Wordpress firewall. They have a monthly plan that you can check out. Also Wordfence has been a great plugin for scanning files I've found. It helped me fine a lot of tricky stuff like where they scrolled far over or far down to hide encrypted strings in the php code. But yeah - it's a constant battle. If you want peace of mind, I'd suggest paying. I used to use vbulletin from vbteam for years and never had issues. I guess it depends on the team that is providing the null. Always check to see who is posting and look at their reputation.

Also another tool I highly recommend if you're running a vps or dedicated server is bitninja.io. Their WAF is great, as well as their server firewall and security.

RE: Do nulled scripts contain malware?

OP
#3
19-05-2019, 10:52 PM
tonyhawk Wrote:
Of course some nulled scripts contain backdoors - not so sure about malware - although it is possible.

There are some tools that analyze malware. For Wordpress it can be hit or miss. Because its so widely used, it's honestly one of the highest targeted softwares out there. I recently cleaned a client site that was infected with a botnet payload throughout many of the website core files.

Sucuri offers pretty good products and Wordpress firewall. They have a monthly plan that you can check out. Also Wordfence has been a great plugin for scanning files I've found. It helped me fine a lot of tricky stuff like where they scrolled far over or far down to hide encrypted strings in the php code. But yeah - it's a constant battle. If you want peace of mind, I'd suggest paying. I used to use vbulletin from vbteam for years and never had issues. I guess it depends on the team that is providing the null. Always check to see who is posting and look at their reputation.

Also another tool I highly recommend if you're running a vps or dedicated server is bitninja.io. Their WAF is great, as well as their server firewall and security.

Do those scan for backdoors, too?

What's WAF?

RE: Do nulled scripts contain malware?

#4
20-05-2019, 10:01 AM
leemonadestand Wrote:
Do those scan for backdoors, too?

Yes, they scan for malicious code - backdoors being one of those.


Quote:What's WAF?

Web Application Firewall.

RE: Do nulled scripts contain malware?

#5
Yes some of them have a backdoor you need to be careful what are you installing on your server so you can protect it.

RE: Do nulled scripts contain malware?

#6
19-05-2019, 08:16 AM
leemonadestand Wrote:
Do nulled scripts contain malware or is that just hype?

I'd like to see file comparisons with diff tools to see what PHP lines have been altered. Anything like that ever available?

For Wordpress, specifically, what do you use to scan for malware in your plugins?

many nulled wordpress theme i find malware or backdoor code.

i usualy check code manually like fuction.php or header.php in theme folder. and many malware script use basecode64 to hidden function code . Smilemany malware uses basecode64 to disguise the function code
I usually check the code manually on function.php, or header.php
I usually check the code manually on function.php, or header.php

RE: Do nulled scripts contain malware?

#7
Jaja siwe pero no entiendo nada de lo que dicen asi que no me baneen a lo malo plox

RE: Do nulled scripts contain malware?

#8
Not all of them, but it's possible for sure. It's not that hard popping a backdoor in a script.

RE: Do nulled scripts contain malware?

#9
19-05-2019, 08:16 AM
leemonadestand Wrote:
Do nulled scripts contain malware or is that just hype?

I'd like to see file comparisons with diff tools to see what PHP lines have been altered. Anything like that ever available?

For Wordpress, specifically, what do you use to scan for malware in your plugins?

Unfotunely most of them, I guess its fair since you don't need to pay for those leaks
[Image: 5SW8d4t.jpg]
Don't forget. Always, somewhere, someone is fighting for you. As long as you remember her, you are not alone.

RE: Do nulled scripts contain malware?

#10
some of the Minecraft files contain viruses and it was incomplete.e

Users browsing this thread: 5 Guest(s)