In this session we show how to check the database for malware and infections by testing the site for URL hijacking and Pharma Hack after the site is up. We check for any infections that are present and remove them.
The next thing to do is to check our database to see if there are any infections in it. We really have 2 different types of infections that we’re going to check for here. We’re going to check for a URL hijacking infection and we’re going to check for what’s known as the Pharma Hack. We needed to check for this after we got our site up, especially for the URL hijacking, because the easiest way to fix that is to go into the page that the hijacking exists on.
We’re going to start off by testing for this URL Hijacking and that means we’re going to be back in our database. This code is going to be available for use on the forum. I’m copying it from a text file here and you’ll be able to download this from the forum under the Live Answer code. There also may be a download link for a text file that you can use below this video. You can take a look there and then go look on the forum for this code.
What we’re going to do is come over to SQL and, in place of what’s there, we’re going to paste this. Select from wp_posts where post_content is this iframe, then select where there is a noscript, and select where there is the display. We’re going to go ahead and say Go. Okay, and it says MySQL returned an empty result set, which means that the site was not hacked this way. We didn’t have this URL hijacking inside the database, so we don’t have to make any changes. All we had to do was search for it.
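The search described above could look like the following as a single read-only query. This is an added example, not the query file from the forum; it assumes the default wp_ table prefix, and the three LIKE patterns are assumptions based on the markers named in the walkthrough (iframe, noscript, display).

```sql
-- Added example: read-only search of post content for the three markers
-- named in the walkthrough. Nothing is modified by this query.
-- Assumptions: default table prefix "wp_"; the LIKE patterns below are
-- illustrative, not the exact text of the forum's query file.
SELECT
    ID,
    post_title,
    post_type,
    post_status,
    post_modified,
    -- In MySQL a LIKE comparison evaluates to 1 (match) or 0 (no match),
    -- so each column shows which marker caused the row to be returned.
    post_content LIKE '%<iframe%'   AS has_iframe,
    post_content LIKE '%<noscript%' AS has_noscript,
    post_content LIKE '%display:%'  AS has_inline_display
FROM wp_posts
WHERE post_content LIKE '%<iframe%'
   OR post_content LIKE '%<noscript%'
   OR post_content LIKE '%display:%'
ORDER BY post_modified DESC, ID;
```

Legitimate content such as video embeds also contains iframes, so each returned row is a page to open and review rather than proof of infection. An empty result set corresponds to the clean outcome seen here.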
The second thing we’re going to do is to search for the pharma code, and that code is also going to be available here in a file. Okay, so we’ll go ahead and paste that there and say Go. Say okay. Okay, so this came back with 0 rows, 0 rows, 0 rows, 0 rows. In fact, this didn’t exist at all; the Pharma Hack wasn’t on the site either. The only kind of hack we had was the backdoor hack, which we completely removed by removing all of the existing files. Okay, so we checked our database.