WordPress.org

Ready to get started?Download WordPress

Forums

BuddyMobile
[resolved] Does BuddyPress Mobile Have Malware? (7 posts)

  1. Blogurp
    Member
    Posted 1 year ago #

    My website security found this in a scan and I cannot get to Buddy Chimp website on my personal computers because my security tells me buddychimp.com is a Reported Attack Page.

    [Aug 08 01:32:45] Adding issue: File contains suspected malware URL: .../wp-content/plugins/buddypress-mobile/buddypress-mobile.php

    Filename: wp-content/plugins/buddypress-mobile/buddypress-mobile.php
    Bad URL: http://buddychimp.com/
    File type: Not a core, theme or plugin file.
    Severity: Critical

    This file contains a suspected malware URL listed on Google's list of malware sites. Decoded base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://buddychimp.com/

    The next part is from: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fbuddychimp.com%2F&client=googlechrome&hl=en-US
    Safe Browsing
    Diagnostic page for buddychimp.com

    What is the current listing status for buddychimp.com?

    Site is listed as suspicious - visiting this web site may harm your computer.

    Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-06, and the last time suspicious content was found on this site was on 2012-08-06.

    Malicious software includes 4 scripting exploit(s).

    Malicious software is hosted on 1 domain(s), including ens122zzzddazz.com/.

    This site was hosted on 1 network(s) including AS11042 (LANDIS).

    http://wordpress.org/extend/plugins/buddypress-mobile/

  2. ClaytonJames
    Member
    Posted 1 year ago #

    It wouldn't be too much of a stretch to think buddychimp.com may have suffered a compromise of some type. It was still running WordPress 3.3.2 on Aug 7, 2012 03:32:07 GMT.

    It's also probably not unreasonable to think ( without any type of in-depth file inspection ) that the /buddypress-mobile.php file might simply have been flagged because it contains the authors url in plain text (twice) which happens to be: buddychimp.com

    Bad URL: ...buddychimp.com/
    File type: Not a core, theme or plugin file.

    I wouldn't jump to the conclusion that there is anything wrong with the plugin just yet. I would however, think that the url in the plugin header could be what set off the alert in the security scanner...

    All pure speculation on my part, mind you. Use your best judgement on this one.

  3. @modemlooper
    Member
    Plugin Author

    Posted 1 year ago #

    Nope, doesn't contain malware. I don't own the buddychimp url. Removed it from plugin info

  4. Blogurp
    Member
    Posted 1 year ago #

    Thanks, I was just wondering :)

  5. lucadgg
    Member
    Posted 1 year ago #

    malware site buddychimp.com is still linked from inside Wp Admin Plugins when you click on
    http://WEBSITE.com/wp-admin/plugin-install.php?tab=plugin-information&plugin=buddypress-mobile&TB_iframe=true&width=640&height=430

  6. drewl2012
    Member
    Posted 1 year ago #

    does any one know where I can find the buddymobile plugin? i've been searching on wordpress.org plugins section and it says "this plugin doesn't exist.

  7. @modemlooper
    Member
    Plugin Author

    Posted 1 year ago #

    click the link on my profile and you can find the plugin http://profiles.wordpress.org/modemlooper

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic