
I have a WordPress website that was hacked.
The hacker inserted hidden HTML in my posts (wp_posts table) using this HTML pattern:

    <div style="overflow:hidden;height:1px;">
    <p>Text here, always different</p>
    <p>More text....</p>
    </div>

Is it possible to locate in the DB everything that starts with

    <div style="overflow:hidden;height:1px;">

and ends in the next

    </div>

and then remove these entries from the DB?

Note: I have access to phpMyAdmin.

I really appreciate any help you can provide.

2 Answers


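  1. You could start by selecting every column that has that div in it:

    -- your_table and column1..column3 are placeholders.
    -- In MySQL, + is numeric addition, so the columns are joined with CONCAT_WS.
    SELECT *
    FROM your_table
    WHERE CONCAT_WS(' ', column1, column2, column3) LIKE '%<div style="overflow:hidden;height:1px;">%';
    

    If that brings up everything:

    DELETE FROM your_table
    WHERE CONCAT_WS(' ', column1, column2, column3) LIKE '%<div style="overflow:hidden;height:1px;">%';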
    
  2. I assume you meant remove the offending code block from each post, and not

    remove these entries from the DB

    Important

    1. This approach will only work when there are no other divs nested within the one described.
    2. Make sure you have a useable backup before going any further.

    -- Preview only: shows each affected row next to its cleaned version.
    SELECT
        id,
        post_content,
        REPLACE(
            post_content,
            CONCAT(SUBSTRING_INDEX(SUBSTRING(post_content, INSTR(post_content, '<div style="overflow:hidden;height:1px;">')), '</div>', 1), '</div>'),
            ''
        ) cleaned
    FROM wp_posts
    WHERE post_content LIKE '%<div style="overflow:hidden;height:1px;">%</div>%';
    

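    Do a thorough check on the results to make sure you are happy with the transformation from post_content to cleaned. If all looks good, take a backup of wp_posts, and do the update:

    -- Each run removes the first matching block in a row (and exact copies of it);
    -- re-run until the preview SELECT returns no rows.
    UPDATE wp_posts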
    SET post_content = REPLACE(
            post_content,
            CONCAT(SUBSTRING_INDEX(SUBSTRING(post_content, INSTR(post_content, '<div style="overflow:hidden;height:1px;">')), '</div>', 1), '</div>'),
            ''
        )
    WHERE post_content LIKE '%<div style="overflow:hidden;height:1px;">%</div>%';
    
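An added example, not code from either answer: a Python dry run over exported `post_content` values that removes every injected block in a post and copes with the nested-div case the second answer excludes. The names `strip_hidden_blocks`, `dry_run` and `SAMPLE_POSTS` are hypothetical, and the sample rows are constructed.

```python
import re

# Opening tag of the injected block, as given in the question.
MARKER = '<div style="overflow:hidden;height:1px;">'
DIV_TAG = re.compile(r'<div\b[^>]*>|</div\s*>', re.IGNORECASE)

def strip_hidden_blocks(content):
    """Return (cleaned, removed_blocks) for one post_content value."""
    kept, removed, pos = [], [], 0
    while (start := content.find(MARKER, pos)) != -1:
        # Track <div>/</div> depth to find the tag that closes the marker
        # div itself, not a div nested inside it.
        depth, end = 1, None
        for tag in DIV_TAG.finditer(content, start + len(MARKER)):
            depth += -1 if tag.group().startswith('</') else 1
            if depth == 0:
                end = tag.end()
                break
        if end is None:
            break  # never closed: leave the remainder for manual review
        kept.append(content[pos:start])
        removed.append(content[start:end])
        pos = end
    kept.append(content[pos:])
    return ''.join(kept), removed

# Constructed sample rows (ID, post_content); not data from the hacked site.
SAMPLE_POSTS = [
    (1, 'Intro.' + MARKER + '<p>spam a</p></div> Middle. '
        + MARKER + '<p>spam b</p></div>End.'),
    (2, '<div class="wrap">Real' + MARKER
        + '<div><p>nested</p></div><p>x</p></div> text</div>'),
    (3, '<p>Clean post</p>'),
    (4, 'Broken ' + MARKER + '<p>never closed'),
]

def dry_run(posts):
    """Map post ID -> (cleaned, removed, needs_review); no DB writes."""
    report = {}
    for post_id, content in posts:
        cleaned, removed = strip_hidden_blocks(content)
        report[post_id] = (cleaned, removed, MARKER in cleaned)
    return report

if __name__ == '__main__':
    for post_id, (cleaned, removed, review) in dry_run(SAMPLE_POSTS).items():
        print(post_id, len(removed), 'REVIEW' if review else 'ok', repr(cleaned))
```

Reviewing the removed blocks before writing anything back also gives a record of what was injected into each post.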