WordPress.org

Ready to get started?Download WordPress

Forums

Web Security Tools
[closed] Hacking into my website (12 posts)

  1. stevema
    Member
    Posted 2 years ago #

    My host bluehost informed me that my website was being hacked through web security tools and I should remove it altogether. I have done this but I wonder if this was the source of the attack as noone else has complained about it. Basically it caused anyone who went to my website to have the PC disabled and replaced by constant requests to spend money to remove security threat...
    Does anyone know anything about this threat from web security tools???

    http://wordpress.org/extend/plugins/web-security-tools/

  2. mrivera915
    Member
    Posted 2 years ago #

    It is infected with a redirect to a malware site. WordPress should take it down.

  3. Mark (podz)
    Support Maven
    Posted 2 years ago #

    mrivera915 - be VERY specific.

    And email this to plugins@wordpress.org

  4. Mark (podz)
    Support Maven
    Posted 2 years ago #

    stevema - there have been no other reports about this plugin.
    It is perfectly possible that something else on the server has written to that file.

    I need the information from mrivera915 which I hope is emailed.

  5. mrivera915
    Member
    Posted 2 years ago #

    REMOVED - Mark

  6. Mark (podz)
    Support Maven
    Posted 2 years ago #

    Sorry - I must have missed the word 'email' from my reply.

    I found this, closed the plugin and will fix.

  7. mrivera915
    Member
    Posted 2 years ago #

    Why did you remove my comment?

  8. Mark (podz)
    Support Maven
    Posted 2 years ago #

    Because giving any security related information is something we do not encourage. It can cause more problems and generally solves none. This is why we ask that all security related issues are sent to plugins@wordpress.org

    One of the core contributors has checked it out. 2 others will shortly.
    The .static files are not executed.
    The site that is in those files has been compromised, not the plugin itself. If you check the warning from google you can see that something happened on 27 January. So that site has the problem and they will be informed.

    The plugin remains removed until the other site is fixed. In the meantime just delete that plugin from within the Plugins page or using FTP if you wish but right now we have no reason to believe it is bad.

  9. stevema
    Member
    Posted 2 years ago #

    Thank you for support. I am glad you guys know what you are doing! I don't know if this is any help but about 4 months ago I got a virus infection which was similar although it did not direct to the same malware site. I never found the source of it but I wonder if it came through the same plugin?

  10. rritoch
    Member
    Plugin Author

    Posted 2 years ago #

    Hello,

    This plugin does not install a virus on your site unless your server will execute .static files. The .static files are used to remove the virii from your server. If you get a new virii you can make your own .static files in the same folder and run the scanner to clean the virus off of your site. If you are truly paranoid you can use .htaccess to block access to any .static files.

    Best Regards,
    Ralph Ritoch

  11. rritoch
    Member
    Plugin Author

    Posted 2 years ago #

    I will be filing a complaint against bluehost as their defamation of this plugin has lead to WordPress discontinuing this plugin. Even WordPress doesn't understand that the plugin cannot harm a web site and that the files in question are REQUIRED to delete the associated VIRII and Threats.

  12. rritoch
    Member
    Plugin Author

    Posted 2 years ago #

    Here is the proof that the static files are NOT a security risk. If they were than simply going to the following link would infect my own web sites.

    http://www.ralphndiaritoch.info/wp-content/plugins/web-security-tools/phpwebsectools/modules/virus_clean/definitions/sm3wv8.static

    As you can see they are displayed as harmless text files with no risk to the web browser or the server!!!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic