WordPress.org

Ready to get started?Download WordPress

Forums

  1. mdjasper
    Member
    Posted 1 year ago #

    My site was hacked via this plugin enabling hackers to gain access to phpsendmail and distribute pornography via our wordpress installation.

    FILE HIT LIST:
    {CAV}PHP.Trojan.Spambot : /wp-content/plugins/tell-a-friend/ticketkRS.php
    {HEX}php.cmdshell.unclassed.344 : /wp-content/plugins/tell-a-friend/tell-a-friend.php

    tell-a-friend.php http://pastebin.com/nDKMMjMu

    ticketRS.php http://pastebin.com/8xR03AAs

    BIndex.php http://pastebin.com/6aMfuffN

    http://wordpress.org/extend/plugins/free-tell-a-friend/

  2. The Hack Repair Guy
    Member
    Posted 1 year ago #

    A relatively comment event. Hacker likely gained access to your FTP account and uploaded the files or used your Admin password to add their own plugins.

    Changing password for everything would be my first thing to do.

    As a side note, the poor rating of this plugin may be a good lesson learned as well.

  3. melmelao
    Member
    Posted 9 months ago #

    What a coincidence, happened here too. I work in IT and know for a fact that these things may happen. But as a developer it is very irresponsible on your part to answer and just say "these things happen" and not even take a look at your own files. I will make sure my client does not install any more suspicious plugins without the proper research in the future, but at the same time YOU as the developer should take a look at your own code.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic