WordPress.org

Ready to get started?Download WordPress

Forums

WPeMatico
Malware? (3 posts)

  1. dadib
    Member
    Posted 1 year ago #

    Our host had our site disabled yesterday, due to this file:

    {HEX}base64.inject.unclassed.6 : ///wp-
    content/plugins/wpematico/app/settings_page.php

    Can you please help us resolve this issue and update our host provider, as they took a beating over it, and not sure if it is a false positive or not...?

    http://wordpress.org/extend/plugins/wpematico/

  2. Your site may have been hacked. On the current download for that plugin I don't see that reference in plugins/wpematico/app/settings_page.php.

    There is a <?php echo base64_decode($cfg['mailpass']);?> on line 56 of that file but that should not cause your site to be disabled.

  3. FidoSysop
    Member
    Posted 1 year ago #

    I would suggest anyone running WordPress to set wp-config.php permissions at (600) Read and Write for the Owner only.

    If you allow anyone to read your config file they can get your database name and password, and hack the crap out of your site!

    FWIW, I have 34 WPeMatico campaigns running with no nasty grams from my web host. Though the CPU usage when running a campaign is really intensive.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags