
Shortcodes Ultimate
malware in your code???? (6 posts)

1 star
  1. estulin
    Member
    Posted 1 year ago #

    I found this in your plugin:

    wp-content/plugins/shortcodes-ultimate/lib/timthumb.php:221
    http://pastebin.com/0be5y6Te

    Is this malware in your code????

  2. gecko_guy
    Member
    Posted 1 year ago #

    What alerted you to that? Do you know that it is suspicious and have experience with these things, or did you just get a warning from some security software you use?

    My understanding is that only when one finds an eval() function and base64() decoding function on the same line is it potentially dangerous...

    Would love to know the reason behind your suspicions?

    Would be even better if the developer responded...

  3. jedounet
    Member
    Posted 1 year ago #

    I agree with these suspicions. I don't know if the author knows about this, but my site just got hacked and it tells me now that the website is hosting suspicious software.

    What a funny coincidence: a plugin named Shortcodes Ultimate had the same problem in the past:

    http://wordpress.org/support/topic/plugin-shortcodes-ultimate-security-flaw-timthumb-exploit?replies=7

  4. Vladimir Anokhin
    Member
    Plugin Author

    Posted 1 year ago #

    This is just a base64-encoded image in the timthumb.php library.
    http://wikipedia.org/wiki/Data_URI_scheme

    You can try it yourself:
    http://www.base64-image.de/
    http://webcodertools.com/imagetobase64converter
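As an added illustration of the two points made in this thread (gecko_guy's rule of thumb that eval() next to a base64 decoder is the dangerous combination, and the plugin author's explanation that the flagged blob is a data-URI image), here is a small Python scanner. It is not code from the plugin, from timthumb, or from anyone in the thread. It decodes every long base64 run it finds in a PHP source and checks the decoded bytes for image magic numbers versus PHP code markers, and separately reports the eval(base64_decode()) pattern. The sample PHP source, the names `classify_blob`, `scan_source`, `verdict` and the `IMAGE_MAGIC` table are all constructed for this example.

```python
import base64
import binascii
import re

# Magic bytes of common image formats; a decoded blob starting with one of these
# is image data, like the data-URI placeholder image in timthumb.php.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\xff\xd8\xff": "jpeg",
}

# A run of base64 alphabet characters long enough to be worth decoding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# The rule of thumb from the thread: eval() wrapped around a decoder on one line.
EVAL_RE = re.compile(
    r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I
)
# Markers that decoded bytes are PHP source rather than opaque data.
PHP_MARKER_RE = re.compile(rb"<\?php|\b(?:eval|system|exec|passthru|shell_exec)\s*\(")


def classify_blob(blob: str) -> str:
    """Decode a candidate base64 string and say what it appears to contain."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    for magic, name in IMAGE_MAGIC.items():
        if raw.startswith(magic):
            return f"image/{name}"
    if PHP_MARKER_RE.search(raw):
        return "php-code"
    return "opaque"


def scan_source(src: str) -> list:
    """Return one finding per eval-of-decoder call and per long base64 run."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        m = EVAL_RE.search(line)
        if m:
            findings.append({"line": lineno, "kind": "eval-of-decoder", "detail": m.group(0)})
        for b in B64_RE.finditer(line):
            findings.append({"line": lineno, "kind": "base64-blob", "detail": classify_blob(b.group(0))})
    return findings


def verdict(src: str) -> str:
    """'suspicious' if any finding points at executable code, else 'benign'."""
    for f in scan_source(src):
        if f["kind"] == "eval-of-decoder" or f["detail"] == "php-code":
            return "suspicious"
    return "benign"


# Constructed sample, not the real timthumb.php: a PNG placeholder image and, for
# contrast, the eval(base64_decode()) pattern around a harmless echo statement.
PNG_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 40).decode()
ECHO_B64 = base64.b64encode(b"<?php echo 'hello'; ?>" + b" " * 30).decode()
SAMPLE_PHP = (
    "<?php\n"
    "// placeholder image served when the requested file is missing\n"
    f"$placeholder = 'data:image/png;base64,{PNG_B64}';\n"
    "// obfuscated call a scanner should report, even though this payload only echoes\n"
    f"eval(base64_decode('{ECHO_B64}'));\n"
    "$config = array('quality' => 90);\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE_PHP):
        print(f)
    print("verdict:", verdict(SAMPLE_PHP))
```

Run against the constructed sample, the image blob on line 3 classifies as `image/png` and the file is only rated suspicious because of line 5. Two caveats a practitioner should keep in mind: a long hex digest also matches the base64 alphabet and will simply come back as `opaque`, and obfuscation that splits the decoder and the eval() across several statements will not trip the single-line `EVAL_RE`, which is why the scanner also looks inside every decoded blob rather than relying on that pattern alone.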

  5. esmi
    Forum Moderator
    Posted 1 year ago #

    @jedounet: Your site being hacked does not, of itself, implicate this plugin. The topic you refer to is over a year old and probably refers to an issue that affected all timthumb scripts. Please do not make accusations - inferred or otherwise - without concrete evidence.

  6. gecko_guy
    Member
    Posted 1 year ago #

    I must agree.

    WordPress sites all over the world are subject to constant attacks, and ultimately it is the responsibility of the user to ensure they follow best practice to harden their sites against mischief, and keep their plugins up to date.

    I've never yet had a problem with a hacked site which is related to a plugin where it is certified to work with the most recent version of WordPress.

    You can learn more about how to protect yourself by doing some research.

    This is a good place to start:

    http://codex.wordpress.org/Hardening_WordPress

    One of the most common methods a site is hacked is through brute force attacks that use the "admin" username for their administrator account, especially when combined with a weak password.

    Anyway, thanks for confirming what the base64 string relates to, @gn. I had been hesitating to try the plugin until the question was answered.

Topic Closed

This topic has been closed to new replies.
