WordPress.org


WP Contact Form
This Plug-in is vulnerable (4 posts)

  1. wpv-expert
    Member
    Posted 3 years ago #

    Recently our site was hacked by a very insidious attack called the "Pharma Hack".

    *This hack was determined to have entered our site through this plug-in.*

    This hack can kill your good standing and hard-earned rank with Google. The hack inserts an iframe into your footer or header, where it hides base64 code to call hidden cookies that it places in various folders on your server. You know the ones: viagra, celebrex, etc . . .

    We would find them then delete them to find later that they returned and were hidden in a new location. When we consistently found them and removed them they were then crammed into our databases for our support forum and posts, as well as our membership database.

    It also serves up malware from other sites remotely through your own site's infection. Our stats went from 30K hits a month to 123. And our site was removed from Google's listing.

    You may not even notice your problem until Google de-lists you. If you are not paying attention to your site stats this could become a reality.

    To read about this hack go here: http://www.scammeralert(DOT)info/website-hacked-attack-by-iframe-and-index-php-gifimg-php-base64_decode/

    In the end it is not an easy problem to fix yourself. We know what we are doing and still had to hire a specialist from sitesecuritymonitor(DOT)com/ for $200 to get rid of it.

    http://wordpress.org/extend/plugins/wp-contact-form/
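    A defensive check for the symptom described in this post, added here as an example (it is not code from the thread, the plugin, or WordPress): it scans theme files and exported post content for hidden iframes and eval(base64_decode()) wrappers. The file names, sample contents, and function names are constructed for the example.

```python
import os
import re

# Signatures for what the post describes: a hidden iframe injected into the
# header/footer, and base64-encoded PHP decoded and executed at runtime.
SUSPICIOUS = {
    "hidden_iframe": re.compile(
        r"<iframe[^>]*(?:width\s*=\s*[\"']?0|height\s*=\s*[\"']?0"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.IGNORECASE),
    "eval_base64": re.compile(
        r"eval\s*\(\s*(?:gzinflate|gzuncompress|str_rot13)?\s*\(?\s*base64_decode\s*\(",
        re.IGNORECASE),
    # A very long base64 literal is a common sign of an obfuscated payload.
    "long_base64_literal": re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']"),
}

def scan_text(name, text):
    """Return one finding per (line, rule) match; works on files or DB rows."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in SUSPICIOUS.items():
            if rx.search(line):
                findings.append({"source": name, "line": lineno, "rule": rule})
    return findings

def scan_tree(root, exts=(".php", ".html", ".js")):
    """Walk a theme/plugin directory and scan every file with a matching extension."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(exts):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(path, fh.read()))
    return findings

# Constructed samples: a clean footer and one carrying the injected markup.
# The base64 literal decodes to "..." and is harmless.
CLEAN_FOOTER = "<?php wp_footer(); ?>\n</body></html>\n"
INFECTED_FOOTER = (
    "<?php wp_footer(); ?>\n"
    '<iframe src="http://example.invalid/x" width="0" height="0"></iframe>\n'
    "<?php eval(base64_decode('Li4u')); ?>\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    for f in scan_text("footer.php", INFECTED_FOOTER):
        print(f"{f['source']}:{f['line']} {f['rule']}")
```

    Because scan_text takes any string, the same rules can be run over post_content rows exported from the database, which is where the post says the injected code ended up once the files were cleaned.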

  2. Peter Westwood
    WordPress Lead Developer
    Plugin Author

    Posted 3 years ago #

    If you have proof that there is an issue in the plugin that caused this then please let me know via private email so I can fix the issue.

    Otherwise don't post unsubstantiated reports like this.

  3. wpv-expert
    Member
    Posted 3 years ago #

    Peter,

    Man I am feeling like you know what about now. You are correct and I should have done more homework before posting in the plug-in repository about the wp-contact-form.

    The plug-in in question in fact is not even in the WP repository.
    Below is the data from our copies of the plug-in.
    Please accept my sincerest apologies for this case of mistaken identity.

    This text was cut, copied, and pasted from the php file of the plug-in:

    Plugin Name: Contact Form ][
    Plugin URI: http://chip.cuccio.us/projects/contact-form-ii/
    Description: Contact Form ][ is a drop-in form that allows site visitors to contact you. It can be implemented easily (via QuickTags) within any post or page. This version is *specifically* for WordPress 2.x only.
    Author: Chip Cuccio
    Author URI: http://chip.cuccio.us
    Version: 2.0.13

    I am not sure if this helps much Peter but we were seeing in our emails where the form plug-in was being overrun with "jhrvbjh2f@hjbhber.com" gibberish-type emails. I mean hit really hard from many different IPs. The email addresses were of course not valid nor the domains they were affiliated with. It seems to have been some sort of injection attack. The code was very sophisticated and definitely pointed to this particular plug-in. It kept re-infecting until the plug-in was removed with all the code it had injected.

    This plug-in was just trash left over from previous management at the site that I inherited to clean up. I noticed it was old and was fixing the site up along with trying to de-hack it. Suffice it to say that it was a learning experience just like this post has been . . .

    I am bent over awaiting my fifteen lashes.

  4. wpv-expert
    Member
    Posted 3 years ago #

    If this post were deleted I would not miss it, unless of course part of my punishment is for it to remain. ;-)

Topic Closed

This topic has been closed to new replies.
