WordPress.org

Ready to get started?Download WordPress

Forums

BackWPup Free - WordPress Backup Plugin
[Plugin: BackWPup] Scanned Server found these files (6 posts)

  1. runner2009
    Member
    Posted 2 years ago #

    Hi

    Just an FYI, after the last upgrade, we had trouble with the VPS using too much memory. Did a scan using Clamscan and found these files:

    {HEX}base64.inject.unclassed.6 : /home/xxxl/public_html/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/wp-content/plugins/backwpup/pages/page_backwpupsettings.php

    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/hawaii/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/hawaii/wp-content/plugins/backwpup/pages/page_backwpupsettings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-edit-job.php

    In fact all of the domains and sub-domains on that server were affected. Not sure how they got there. But thought I'd let you know.

    Regards
    runner2009

    http://wordpress.org/extend/plugins/backwpup/

  2. Daniel Hüsken
    Member
    Plugin Author

    Posted 2 years ago #

    I use the base64 finktion in these files. In next version ich change it a bit so that the scannner hopfuly not makes the false positive.

  3. dsided
    Member
    Posted 2 years ago #

    I also have a problem with the following:

    /httpdocs/wp-content/plugins/backwpup/pages/page_backwpupsettings.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    /httpdocs/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    The site also showed up with a warning "... contains content from acstonga.osa.pl, a site know to distribute malware."

    Any ideas why this should happen?

  4. Daniel Hüsken
    Member
    Plugin Author

    Posted 2 years ago #

    A chane will come with version 3.....

  5. kuching
    Member
    Posted 2 years ago #

    Hi Daniel,

    I know that you must be already aware of this issue, given the posts above. Anyway I'm writing to report the same issue here with version 2.1.10

    malware scanner detected the following:

    /home/pwtpdlha/public_html/
    content/plugins/backwpup/pages/page_backwpupsettings.php
    /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php
    
    FILE HIT LIST:
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/page_backwpupsettings.php => /usr/local/maldetect/quarantine/page_backwpupsettings.php.25415
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php => /usr/local/maldetect/quarantine/func_backwpupeditjob.php.25960

    I think most malware scanners don't really like Base64... it's been exploited by too many malwares

    looking forward to see an update of this excellent backup tool :)

    keep up the good job

  6. Daniel Hüsken
    Member
    Plugin Author

    Posted 2 years ago #

    I have chanded it for the 3. Version. but i can't say in moment when i release it.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags