BackWPup
Scanned Server found these files (6 posts)

  1. runner2009
    Member
    Posted 4 months ago #

    Hi

    Just an FYI, after the last upgrade, we had trouble with the VPS using too much memory. Did a scan using Clamscan and found these files:

    {HEX}base64.inject.unclassed.6 : /home/xxxl/public_html/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/wp-content/plugins/backwpup/pages/page_backwpupsettings.php

    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/hawaii/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/hawaii/wp-content/plugins/backwpup/pages/page_backwpupsettings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-edit-job.php

    In fact all of the domains and sub-domains on that server were affected. Not sure how they got there. But thought I'd let you know.

    Regards
    runner2009

    http://wordpress.org/extend/plugins/backwpup/

  2. Daniel Huesken
    Member
    Posted 4 months ago #

    I use the base64 function in these files. In the next version I will change it a bit so that the scanner hopefully does not make the false positive.

  3. dsided
    Member
    Posted 4 months ago #

    I also have a problem with the following:

    /httpdocs/wp-content/plugins/backwpup/pages/page_backwpupsettings.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    /httpdocs/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    The site also showed up with a warning "... contains content from acstonga.osa.pl, a site known to distribute malware."

    Any ideas why this should happen?

  4. Daniel Huesken
    Member
    Posted 4 months ago #

    A change will come with version 3.....

  5. Substrato
    Member
    Posted 1 month ago #

    Hi Daniel,

    I know that you must be already aware of this issue, given the posts above. Anyway I'm writing to report the same issue here with version 2.1.10

    malware scanner detected the following:

    /home/pwtpdlha/public_html/content/plugins/backwpup/pages/page_backwpupsettings.php
    /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php

    FILE HIT LIST:
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/page_backwpupsettings.php => /usr/local/maldetect/quarantine/page_backwpupsettings.php.25415
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php => /usr/local/maldetect/quarantine/func_backwpupeditjob.php.25960

    I think most malware scanners don't really like Base64... it's been exploited by too many malwares

    looking forward to see an update of this excellent backup tool :)

    keep up the good job

  6. Daniel Huesken
    Member
    Posted 1 month ago #

    I have changed it for version 3, but I can't say at the moment when I will release it.
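
An added example, not part of any post above and not BackWPup or scanner code: a small parser for the two scanner output formats quoted in this thread (the maldet hit list and clamscan `FOUND` lines) that groups hits by file path relative to the plugins directory, so you can see whether the same plugin files are flagged on every install. The function names are hypothetical and the sample lines are constructed in the quoted formats.

```python
import re
from collections import defaultdict

# maldet hit list line: "{HEX}<signature> : <path>" with optional " => <quarantine path>"
MALDET = re.compile(r"^\{\w+\}(?P<sig>\S+)\s+:\s+(?P<path>\S+)(?:\s+=>\s+(?P<quarantine>\S+))?$")
# clamscan line: "<path>: <signature> FOUND"
CLAMSCAN = re.compile(r"^(?P<path>.+?):\s+(?P<sig>\S+)\s+FOUND$")

def parse_hit(line):
    """Return {'sig', 'path', 'quarantine'} for a hit line, or None if it is not one."""
    line = line.strip()
    m = MALDET.match(line)
    if m:
        return {"sig": m["sig"], "path": m["path"], "quarantine": m["quarantine"]}
    m = CLAMSCAN.match(line)
    if m:
        return {"sig": m["sig"], "path": m["path"], "quarantine": None}
    return None

def split_install(path):
    """Split a flagged path into (install root, path relative to the plugins directory)."""
    marker = "/plugins/"
    idx = path.find(marker)
    if idx == -1:
        return path, None  # not under a plugins directory
    return path[:idx], path[idx + len(marker):]

def group_hits(lines):
    """Map each plugin-relative file to the sorted list of installs where it was flagged."""
    groups = defaultdict(set)
    for line in lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        install, rel = split_install(hit["path"])
        groups[rel].add(install)
    return {rel: sorted(installs) for rel, installs in groups.items()}

# Constructed sample lines in the two formats quoted in the thread (paths are made up).
SAMPLE = [
    "{HEX}base64.inject.unclassed.6 : /home/site1/public_html/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php",
    "{HEX}base64.inject.unclassed.6 : /home/site1/public_html/hawaii/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php",
    "{HEX}base64.inject.unclassed.6 : /home/site2/public_html/content/plugins/backwpup/pages/page_backwpupsettings.php => /usr/local/maldetect/quarantine/page_backwpupsettings.php.12345",
    "/httpdocs/wp-content/plugins/backwpup/pages/page_backwpupsettings.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND",
]

if __name__ == "__main__":
    for rel, installs in group_hits(SAMPLE).items():
        print(f"{rel}: flagged in {len(installs)} install(s)")
```

Identical hits at the same relative path on every install only show that the signature matches something in those files; compare each flagged file against a clean copy of the same plugin version before restoring it from quarantine.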
