Presales Questions

    #41803
    Raphael
    Participant

    Hi community,
    I am very new to BPS and have some beginner questions. Thanks for helping me with the start. 😉

    One of my websites is hacked and I installed it in a protected area and removed all plugins besides BPS. After running a test, I can see several suspicious files and several suspicious entries in the DB. My technical level: I am a web designer with high knowledge of HTML/CSS, medium knowledge of PHP and basic knowledge of JS and MySQL.

    My questions:
    1) Is there a tool for removing the marked entries in the DB? In the paid version I see some tools that might be helpful. But I am afraid that I need a tool that is really simple to use, because my knowledge of MySQL is really not very high. Without that tool, it would be hard to remove these parts, because I only have basic knowledge of databases.

    2) If I bought the paid version: Does the paid version scan deeper or have any other advantages for the process of cleaning the site?

    Thanks
    Raphael

    #41804
    AITpro Admin
    Keymaster

    If the suspicious code in your database is actually hacker code then it would require hacker files in order to be able to do anything. That is the same principle as all other standard PHP/MySQL code processing, i.e. the DB is the content source and the files are the framework/delivery method to deliver your content. In a nutshell, that means that once you remove all hacker files and code from all files under your hosting account then if there is hacker code in your DB it will be rendered ineffective. There is only one exception and that is if the hacker has injected spam links into your DB under the wp_posts table. Injected spam links can work independently using standard WP Core code. So you would simply delete any/all injected spam links in your wp_posts table.

    There is only 1 way to 100% guarantee that your hosting account is clean of all hacker files/code and that is to clean up the hosting account manually.  I have created a forum help topic here with steps to clean up a hacked hosting account > https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

    Lately there has been a resurgence of AnonymousFox hacks.  They are much more sophisticated than your average hack > https://forum.ait-pro.com/forums/topic/wp-dester-and-wpyii2-hacker-plugins/.

    If you would like for me to do the hosting account hack cleanup I offer a very reasonable rate:  $35 base hosting account hack cleanup cost + $15 cost per website. Example: Hosting account/website hack cleanup for 1 site = $50. Hosting account/website hack cleanup for 4 sites = $95.  I guarantee my hosting account hack cleanup for life as long as you have BPS Pro installed.

    #41807
    Raphael
    Participant

    Thank you for that generous offer! I would like to do a short summary in order to see if I understood it well. I would like to clean it up manually on my own in order to learn more. If that does not work, I will be glad if you could continue.

    Here is what I learned (please correct me if I am wrong):
    1) In the first place I have to remove all files in the webspace that contain any modifications that are suspicious or have names that are neither in the core nor in the original plugin files.

    2) I have to see if there are any spam links in the wp_posts table.

    That seems to be all. (?)

    PRO vs. free:
    – For future protections, the PRO-version has much more features.
    – If I only want to clean up, the free version would be enough. There are no additional features or deeper scans or other things that make the PRO version more effective for detecting malcode.
    – Once I installed the PRO version you offered me a fantastic possibility. Thanks! I will try it alone in order to learn more, in case that I have no success, I will ask you for that offer.

    all the best
    Raphael

     

    #41808
    AITpro Admin
    Keymaster

    1. If you follow the steps in the hosting account hack help forum topic then it has a logical progressive flow in order of importance and so that you don’t end up having to redo things.

    2. A quick way to check if your site has spam or SEO links is to use this Google search: site:your-domain-name.com. You can also use phpMyAdmin in cPanel to look at your wp_posts database table manually.

    Yes, BPS Pro has more features.  There is a good chance that just cleaning up the hack will be enough even if you only have BPS free.  BPS Pro has an unbeatable feature:  AutoRestore|Quarantine Intrusion Detection & Prevention System (ARQ IDPS).  That is why I can guarantee a hosting account will never be hacked again if BPS Pro is installed.  MScan is the same on both BPS free and Pro.  Malware scanners are good for detecting most hacker files/code, but unfortunately all malware scanners are beatable including MScan.  Hackers are constantly using different methods of obfuscation, which can evade any/all malware scanners.

    This is not intended to be a sales pitch, but the only other WP security plugin that I would trust would be Wordfence if BPS Pro did not exist, but I would still feel vulnerable because Wordfence does not offer something like ARQ IDPS.  😉

    I will be doing a BPS Pro 25% off sale from May 10 – 17 if you decide you want to get BPS Pro.
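
The wp_posts check discussed in the two replies above, as an added example that is not part of the original posts or of BPS: a PHP function that lists the external hosts each post links to, so the list can be reviewed before any row is deleted. The `$rows` array is constructed sample data and `your-domain-name.com` is the placeholder from the thread; on a real site the rows would come from the `ID` and `post_content` columns of wp_posts (the table prefix may differ), and the PHP DOM extension is assumed to be available.

```php
<?php
// Added example: report external link hosts found in post content.
// External links are not necessarily spam; the output is a list to review by hand.

function external_link_hosts(string $html, string $siteHost): array
{
    $hosts = [];
    if (trim($html) === '') {
        return $hosts;
    }
    $doc = new DOMDocument();
    // Injected markup is often malformed, so collect parser warnings quietly.
    $prev = libxml_use_internal_errors(true);
    $doc->loadHTML('<div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $suffix = '.' . $siteHost;
    foreach ($doc->getElementsByTagName('a') as $a) {
        $host = parse_url($a->getAttribute('href'), PHP_URL_HOST);
        if (!is_string($host)) {
            continue; // relative link, fragment, or unparsable URL
        }
        $host = strtolower($host);
        // The site's own host and its subdomains count as internal.
        if ($host === $siteHost || substr($host, -strlen($suffix)) === $suffix) {
            continue;
        }
        $hosts[$host] = ($hosts[$host] ?? 0) + 1;
    }
    return $hosts;
}

// Constructed sample rows standing in for the result of a wp_posts query.
$rows = [
    ['ID' => 12, 'post_content' => '<p>See our <a href="/contact/">contact page</a>.</p>'],
    ['ID' => 31, 'post_content' => '<p>News</p><div style="display:none">'
        . '<a href="http://cheap-pills.example/buy">pills</a> '
        . '<a href="//casino.example/">casino</a></div>'],
];

foreach ($rows as $row) {
    $hosts = external_link_hosts($row['post_content'], 'your-domain-name.com');
    if ($hosts) {
        printf("post %d links to: %s\n", $row['ID'], implode(', ', array_keys($hosts)));
    }
}
```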

    #41811
    Raphael
    Participant

    Thanks for all the information.  Here are my last questions:

    1) Does the PRO version also do a scan during uploads? I am working on a client’s site where visitors can upload files to the webspace and the site owner downloads these files to his personal machine in order to work with them. The place where those files are stored will have reduced rights, in order to avoid the execution of malcode. But additionally, I would like to have the files scanned. I recommended Wordfence to the client for doing these scans. But I would be glad if I can recommend BPS instead.

    2) If so: Do we have to sign a contract due to GDPR? In Europe, Wordfence users have to sign a contract, because Wordfence ships the data to the US for processing. I would be glad if that is not necessary. Any bureaucracy that can be avoided makes me happy. 😉

    Thanks!

     

    #41812
    AITpro Admin
    Keymaster

    1. ARQ IDPS works using a different method than pattern or signature matching since any/all malware scanners can be easily beaten/fooled.  If you are excluding the upload folder from being checked by ARQ then the upload folder will not be checked by ARQ.  If on the other hand you do not exclude the upload folder then any new files that are uploaded to that upload folder will be quarantined.  So you could either exclude the upload folder and scan it with MScan, but all malware scanners can be easily beaten/fooled or you can have the new uploaded files be quarantined, checked first using the Quarantine View File option and then restored or deleted.  Since you are securing the upload folder against execution of malicious code then the better option is to exclude the upload folder from being monitored by ARQ.  If the uploaded files have been rendered harmless then there is nothing additional that is needed.

    2. BPS and BPS Pro offer GDPR option settings.  No contract is necessary since I do not store or collect any personal data.  See this GDPR forum topic for extensive details > https://forum.ait-pro.com/forums/topic/bps-gdpr-compliance/

    #41813
    AITpro Admin
    Keymaster

    Recommendation:  Create a custom solution that adds new uploaded files into a zip archive.  This can be done using either PclZip or ZipArchive.  If you would like examples of that code then contact me directly here > https://www.ait-pro.com/contact/. Note: The custom file archiving feature can be done independently and would not be related to whatever upload form (plugin or custom code) you are using.
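
One way to implement the archiving recommended above, as an added example using ZipArchive; it is not the code AITpro offers to send and not part of BPS. The function name `archive_upload`, the entry naming scheme and the temporary demo directory are assumptions made for illustration; a file stored as a member of a zip archive cannot be requested and run as a script by the web server.

```php
<?php
// Added example: move a newly uploaded file into a zip archive.

function archive_upload(string $filePath, string $zipPath): bool
{
    // Accept regular files only; skip symlinks and directories.
    if (is_link($filePath) || !is_file($filePath)) {
        return false;
    }
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE) !== true) {
        return false;
    }
    // Build the entry name from a timestamp, a random tag and a sanitised
    // base name, so a client-supplied path never ends up inside the archive
    // and two uploads with the same name do not collide.
    $safe  = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filePath));
    $entry = date('Ymd-His') . '-' . bin2hex(random_bytes(4)) . '-' . $safe;

    $added = $zip->addFile($filePath, $entry);
    // The file is read when the archive is closed, so the original is
    // deleted only after close() has succeeded.
    $closed = $zip->close();
    if ($added && $closed) {
        return unlink($filePath);
    }
    return false;
}

// Demo with a constructed upload in a private temporary directory.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/report.php', "constructed sample upload\n");

$zipPath = $dir . '/uploads.zip';
if (archive_upload($dir . '/report.php', $zipPath)) {
    $zip = new ZipArchive();
    $zip->open($zipPath);
    for ($i = 0; $i < $zip->numFiles; $i++) {
        echo 'archived as: ', $zip->getNameIndex($i), "\n";
    }
    $zip->close();
}
```

Keep the archive itself outside the web root or in a directory where direct downloads are denied, so visitors cannot fetch other people's uploads.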
