Arcade Village Blog

WordPress hacked for the last time, I believed it !

I thought I was finally rid of hackers, but I had forgotten one of their techniques: add code directly into the database.
In my previous article, I explained how Wordpress stores its articles in the database.

The hackers modify the code of Wodpress but also the table wp_posts by adding at the end of each text of your articles a line of javascript code.

So I changed my CCWPAccess class so that it does not load this javascript code. I remember that this class does not protect Wordpress hackers, it's impossible, but can display articles without going through Wordpress. Wordpress is only used as a word processor.

I changed only the loadPost function.

function loadPost($bdd, $id)
{
$s = "select post_type, post_title,post_date,post_content from wp_posts where ID = ".$id;
$q=mysqli_query ($bdd,$s);
if ( $r=mysqli_fetch_array($q) )
{
if ( $r["post_type"] == "post" )
{
$this->id = $id;
$this->title = $r["post_title"];
$this->pdate = $r["post_date"];
$this->content = $r["post_content"];
$icmt = strpos($this->content,"<script");
if ( $icmt !== false )
$this->content = substr($this->content,0,$icmt);

}
}

Cette fonction peut encore être améliorée car elle part du principe qu'il n'y a qu'une séquence javascript ajoutée. Je suppose qu'il y en aura plusieurs dans le futur.