Tabbed Widgets
[resolved] VIRUS! (9 posts)

  1. HotJoint
    Member
    Posted 1 year ago #

    People!

    Watch out! This plugin has a virus on it. It tried to hack my site like 6 times now. It is trying to inject code into my database!

    Beware!

  2. Kaspars
    Member
    Posted 1 year ago #

    There is NO virus in this plugin.

    Please don't make such claims without providing any evidence.

  3. HotJoint
    Member
    Posted 1 year ago #

    I have the log of my server where you can find the attack. I'm just warning other people to check these files before they upload the plugin to their servers.

  4. Kaspars
    Member
    Posted 1 year ago #

    Again, could you please back up your claims?

    Here are the files:
    http://plugins.trac.wordpress.org/browser/tabbed-widgets/tags/1.3.1

    Can you please explain in which file, which line the "virus" is?

  5. HotJoint
    Member
    Posted 1 year ago #

    I'm very sorry, you are right. I don't have to directly accuse the plugin of being a virus, but it may have one or some vulnerability. This is a single entry in my security log:

    [unique_id "XXXXXXXXXXXXXXXXXxx"]
    [Sat Jan 29 19:24:50 2011] [error] [client XXXXXXXXX]
    ModSecurity: Access denied with code 406 (phase 2). Pattern match
    "\\b(\\d+) ?= ?\\1\\b|[\\'"](\\w+)[\\'"] ?= ?[\\'"]\\2\\b" at
    REQUEST_HEADERS:Cookie. [file
    "XXXXXXXXXXXXXX"] [line "86"] [id "XXXXX"]
    [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag
    "WEB_ATTACK/SQL_INJECTION"] [hostname "XXXXXXXXXXXX"] [uri
    "/wp-content/plugins/tabbed-widgets/css/tabbed-widgets.css"]

    It happens with this file as well: /wp-content/plugins/tabbed-widgets/js/jquery-cookie.min.js

    I don't know if that helps.

  6. Kaspars
    Member
    Posted 1 year ago #

    The reason why you have this error is because someone (probably a bot) added "\\b(\\d+) ?= ?\\1\\b|[\\'"](\\w+)[\\'"] ?= ?[\\'"]\\2\\b" to the HTTP request when requesting tabbed-widgets.css, and mod_security thinks the server is being attacked.

    This has nothing to do with Tabbed Widgets.

    Many people have had such errors because of a misconfigured mod_security Apache module: http://www.webhostingtalk.com/showthread.php?t=945768

  7. HotJoint
    Member
    Posted 1 year ago #

    Thanks for the answer. So do you think this is a false positive?

  8. Kaspars
    Member
    Posted 1 year ago #

    Definitely, a false positive!

  9. HotJoint
    Member
    Posted 1 year ago #

    Thanks
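
Added example (not part of the thread, and not code from the plugin or its author): a field-by-field reading of the log entry in post 5. It recovers the rule's regular expression from the backslash-doubled form the error log prints, then reports where the match was found and what was requested. The function names, the static-extension list and the Cookie header samples are assumptions constructed for illustration.

```python
import re

# Log entry from post 5 (redactions as posted), joined onto one line.
ENTRY = (
    '[Sat Jan 29 19:24:50 2011] [error] [client XXXXXXXXX] ModSecurity: Access '
    'denied with code 406 (phase 2). Pattern match '
    r'''"\\b(\\d+) ?= ?\\1\\b|[\\'"](\\w+)[\\'"] ?= ?[\\'"]\\2\\b" at '''
    'REQUEST_HEADERS:Cookie. [file "XXXXXXXXXXXXXX"] [line "86"] [id "XXXXX"] '
    '[msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] '
    '[tag "WEB_ATTACK/SQL_INJECTION"] [hostname "XXXXXXXXXXXX"] '
    '[uri "/wp-content/plugins/tabbed-widgets/css/tabbed-widgets.css"]'
)

STATIC_EXT = (".css", ".js", ".png", ".gif", ".jpg")  # assumed list of static types


def triage(entry):
    """Split a ModSecurity 'Pattern match' entry into the facts needed for triage."""
    m = re.search(r'Pattern match "(.*)" at ([A-Z_]+(?::[\w-]+)?)\.', entry)
    if m is None:
        raise ValueError("not a ModSecurity pattern-match entry")
    fields = dict(re.findall(r'\[(\w+) "([^"]*)"\]', entry))
    # The error log doubles every backslash; undo that to get the rule's regex.
    rule = re.compile(m.group(1).replace("\\\\", "\\"))
    variable = m.group(2)
    return {
        "variable": variable,  # the part of the request where the match was found
        "from_client": variable.startswith(("REQUEST_", "ARGS")),
        "uri": fields.get("uri", ""),
        "static_asset": fields.get("uri", "").lower().endswith(STATIC_EXT),
        "data": fields.get("data", ""),
        "data_matches_rule": bool(rule.search(fields.get("data", ""))),
    }, rule


def cookies_that_trip(rule, cookie_headers):
    """Return the Cookie header values the rule would block."""
    return [c for c in cookie_headers if rule.search(c)]


if __name__ == "__main__":
    facts, rule = triage(ENTRY)
    print(facts)
    # Constructed Cookie headers, not taken from the thread.
    samples = ["wp-settings-time-1=1296329090", "session=abc; page=2",
               "session=abc; tab-1=1", "1=1"]
    print(cookies_that_trip(rule, samples))
```

The match is on the Cookie header sent by the client, and the requested URI is a static stylesheet, so the entry records what a request contained rather than anything the plugin's files executed.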

Topic Closed

This topic has been closed to new replies.
