|
Laszlo Takacs - BitNinja CCO |
Scan MySQL databases just like BitNinja scans the file system, find malwares and malicious injections like XSS scripts, redirectors and spam comments.
We plan to implement this feature by a new bitninja module. The module will search for WordPress, Joomla, Drupal and other open source systems configuration file, using the malware detection module file cache (so it will be able to find them almost instantly, without scanning the filesystem) and fetch the database connection information from the config files. Using the connection information it can log in to each database and scan the database tables.
We also plan to add an optional config option to provide root MySQL access and scan all databases of a MySQL server.
Currently we are working on the proof of concept module.
Activity Newest / Oldest
Peter Horvath
Marha jo az egesz csak szerettem volna gratualni nektek!
kngirf96cdis
Hi, I see cleanup only works with wordpress. If I have a non-wordpress app, if I put wp-config.php in webroot, then bitninja will also scan a custom database?
Mark Bacsko
Status changed to: Released
Mark Bacsko
Hey everyone!
We have concluded the development of this module, and have made it live on our dashboard. From now on, when you switch the module on, it will actively scan and clean databases!
A huge thank you to anyone voting, testing, and giving us feedback regarding this module!
Happy hacker hunting!
mihosting
Is there any danger in this process, of d
deleting data that results in a false positive?
Mark Bacsko
We are very cautious with our rules, to keep false positives to the absolute minimum. So far, we have not yet encountered any false positives.
Additionally, we are quarantining these incidents, so restoring them is always an option. :)
Stay Ninjastic!
Mark Bacsko
Hey there everyone!
Ninjastic news! We have concluded our closed beta testing with some great results, and are working on bringing this feature to all of our users. Thank you for everyone participating in the closed beta tests, and thank you everyone for sticking around until the full release.
We have received many feedback regarding the module during our beta tests, and we are implementing changes suggested by our participants.
We will keep updates posted here, once we release it on every machine!
Laszlo Takacs - BitNinja CCO
Hey Ninjas!
We are closer than ever to fulfill this request. Soon we will have a closed beta phase for this module. Since this module has been requested by all of you, we would like to invite everyone for a closed beta testing. If you are up to an adventure with this new module, just drop an email to support@bitninja.io and we will provide the necessary steps to join the testing group.
Yours truly,
Laszlo
George Egri
Status changed to: In progress
George Egri
Hi all,
Nice to see so much interest about this feature. We are planning to implement a PoC module soon. If you would like to contribute, please send us samples of injected SQL malwares / spams so we can use them to test. Please send the samples to info at bitninja.io in a tar.gz forma. We have some, but the more the better! Thank you for contributing!
Mark Bacsko
Status changed to: Planned