WordPress.org

Ready to get started?Download WordPress

Forums

Broken Link Checker
Pharma hack warning from plugin files? (1 post)

  1. Ate Up With Motor
    Member
    Posted 7 months ago #

    Hi,

    I switched to WordPress a while ago after my former non-WP site was subjected to the infamous pharma hack. I have a couple of automated scripts that look for hacked files, and I decided I should run them periodically as a precaution.

    I just did that and the "Looking for bad guys" script reports:

    Searching for files with suspicious names...
    Files encountered = 5639, Matching regex and processed = 0; Directories encountered = 624, Matched and processed = 624

    Searching for files with names related to WordPress pharma hack...
    2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-schema.php is most likely a pharma hack.
    2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-upgrade.php is most likely a pharma hack.
    Files encountered = 5639, Matching regex and processed = 2; Directories encountered = 624, Matched and processed = 624

    I inspected those files, comparing them to the same files from a freshly downloaded copy of the plugin. The file sizes are identical and I can't see anything that looks suspicious or altered.

    Has anyone encountered this before? I'm not sure if this is a false positive or what.

    Thanks!

    http://wordpress.org/plugins/broken-link-checker/

Reply

You must log in to post.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 7 months ago by Ate Up With Motor
  • This topic is not resolved
  • WordPress version: 3.7.1