WordPress.org

Ready to get started?Download WordPress

Forums

Broken Link Checker
Known Malware Site In Translation Files (10 posts)

  1. jdyer88
    Member
    Posted 1 year ago #

    FYI, my anti-virus program found a known malware site in your plugins language folder: specifically, the readme.txt file and the Ar.mo files.

    http://wordpress.org/extend/plugins/broken-link-checker/

  2. photoMaldives
    Member
    Posted 1 year ago #

    I've just had this too - Wordfence WP Security plugin has just alerted me -

    Wordfence found the following new issues :

    Critical Problems:

    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/languages/broken-link-checker-ar_AR.po
    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/languages/broken-link-checker-ar_AR.mo
    * File contains suspected malware URL: /wordpress/wp-content/plugins/broken-link-checker/readme.txt

    I don't know much about language files, but I guess that the alert for the text file is a false positive ?

  3. newtonsongbird
    Member
    Posted 1 year ago #

    I reverted back to the previous update (1.8) until this issue is corrected.

  4. photoMaldives
    Member
    Posted 1 year ago #

    yes - I should have said - I've had this plugin (and Wordfence Security) running together for many months and this is my first alert of this kind from anything.

  5. sk
    Member
    Posted 1 year ago #

    Same issue here

  6. Michael Aronoff
    Member
    Posted 1 year ago #

    It is sending out an alert about a URL, however that url does not link to any content in the plugin. It is simply a link back for the author of the translation files in question. It appears that whoever did the Arabic Translation has a url that is flagged for malware.

    If you are not using that translation simply remove the files in question and you will be fine. The plugin will still work and there will be no more alerts if you run a new scan.

    The author should remove that URL however to remove the problem.

  7. Janis Elsts
    Member
    Plugin Author

    Posted 1 year ago #

    I will remove the link in the next release.

  8. Do you have an ETA on when that would be? Generally we close them right away when those things are spotted, but if you're going to have it done today, that's okay.

  9. Janis Elsts
    Member
    Plugin Author

    Posted 1 year ago #

    All right, I'll have it up in a few minutes.

    The plugin itself does not actually use or display that link anywhere on the users' site (it's just .po/.mo metadata and a mention in readme.txt), so I originally assumed this was not a time-critical issue.

  10. Some virus scanners (Kaspersky) will flag the site as malware because of it, so ... it is a big deal.

    Also credit links on the readme are generally iffy anyway.

    "The plugin page (aka the readme.txt file) may not have "sponsored" links on it. Same goes for the translation files and any other linkback type schemes that will have content displayed on WordPress.org."

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.