The ArcadeVillage blog

WordPress hacked for the last time, I believed it!

2019-07-29 PHP
I thought I was finally rid of hackers, but I had forgotten one of their techniques: adding code directly into the database.
In my previous article, I explained how WordPress stores its articles in the database.

The hackers modify the WordPress code, but they also modify the wp_posts table: a line of JavaScript is appended to the end of the text of each of your articles (the post_content column), so the injected script is served with the article even after the PHP files have been cleaned.

So I changed my CCWPAccess class so that it does not load this JavaScript code. As a reminder, this class does not protect WordPress from hackers (that is impossible); it only displays the articles without going through WordPress, which is used purely as a word processor.

I changed only the loadPost function.

function loadPost($bdd, $id)
{
    // Cast to int: $id is concatenated into the query, so any other value
    // would be an SQL injection.
    $id = (int)$id;
    $s = "select post_type, post_title, post_date, post_content from wp_posts where ID = ".$id;
    $q = mysqli_query($bdd, $s);
    if ( $r = mysqli_fetch_array($q) )
    {
        if ( $r["post_type"] == "post" )
        {
            $this->id = $id;
            $this->title = $r["post_title"];
            $this->pdate = $r["post_date"];
            $this->content = $r["post_content"];
            // The injected JavaScript is appended after the article text:
            // keep only what precedes the first <script tag.
            $icmt = strpos($this->content, "<script");
            if ( $icmt !== false )
                $this->content = substr($this->content, 0, $icmt);
        }
    }
}

This function can still be improved, because it assumes that only one JavaScript sequence has been added, and everything after the first <script tag is dropped, including any legitimate text that follows it. I suppose there will be several in the future.
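The following is an added example, not code from the ArcadeVillage site or from the CCWPAccess class: it shows the generalised version of the cleanup, removing every injected script block (several of them, in any letter case, with attributes on the tag, or left unterminated) while keeping the legitimate text between them, and fetching the row with a prepared statement so the id cannot alter the query. The function names stripInjectedScripts and loadCleanPost are assumed here; the table and column names are WordPress's own. The infected post body is a constructed sample, not real data.

```php
<?php
// Added example (not the ArcadeVillage CCWPAccess code): strip every injected
// <script> block from a post body before rendering it, not just the first one.

/**
 * Remove all <script ...>...</script> sequences from $content.
 * Returns the cleaned text; $count receives the number of sequences removed.
 */
function stripInjectedScripts(string $content, int &$count = 0): string
{
    $count = 0;
    // Complete blocks: opening tag with optional attributes, lazy body, closing
    // tag. 'i' = case-insensitive (catches <SCRIPT>), 's' = '.' matches newlines.
    $clean = preg_replace('#<script\b[^>]*>.*?</script\s*>#is', '', $content, -1, $count);
    if ($clean === null) {          // PCRE error (e.g. backtrack limit): fail closed
        return '';
    }
    // Anything that still opens a script tag is unterminated: cut from there to
    // the end, which is what the single-script cut did for every case.
    $pos = stripos($clean, '<script');
    if ($pos !== false) {
        $clean = substr($clean, 0, $pos);
        $count++;
    }
    return $clean;
}

/**
 * Same lookup as loadPost, but with a prepared statement (the id is bound as an
 * integer, never concatenated) and with all script blocks removed.
 * Assumed helper; requires the mysqlnd driver for get_result().
 */
function loadCleanPost(mysqli $bdd, int $id): ?array
{
    $stmt = $bdd->prepare(
        'SELECT post_type, post_title, post_date, post_content FROM wp_posts WHERE ID = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    if ($row === null || $row['post_type'] !== 'post') {
        return null;
    }
    $row['post_content'] = stripInjectedScripts($row['post_content'], $removed);
    $row['scripts_removed'] = $removed;
    return $row;
}

// Constructed sample of an infected post_content (not real data): legitimate
// text, two complete injected blocks (one upper-case), then an unterminated one.
$infected = '<p>Article text.</p>' . "\n"
    . '<script src="http://example.invalid/a.js"></script>' . "\n"
    . '<p>Second paragraph, still legitimate.</p>' . "\n"
    . '<SCRIPT>document.write("x");</SCRIPT>' . "\n"
    . '<script type="text/javascript">eval(atob("AAAA"))';

$clean = stripInjectedScripts($infected, $n);
echo "removed $n script sequence(s):\n$clean\n";
// A cut at the first <script would also have dropped "Second paragraph";
// here the legitimate text between the injected blocks survives.
```

Two caveats a practitioner will want. First, this only neutralises the exact pattern the article describes (appended <script> blocks); it is not a general HTML sanitiser, so content that carries inline event handlers or other active markup needs a real sanitising library rather than a regex. Second, cleaning at display time leaves the payload in the database: a query such as `SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script%'` lists the affected rows so the injected text can also be removed from wp_posts itself, and rerunning it later is a cheap check that the injection has not come back.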
ArcadeVillage.com 1999 - 2024