WordPress.org

Ready to get started?Download WordPress

Forums

AntiVirus
THIS IS A VIRUS (11 posts)

1 star
  1. loutrekshow
    Member
    Posted 1 year ago #

    Hey guys.... Don't download this plugin. I did and the plugin makes itself look all innocent, but actually installs a back door to your file system and infects it. It uses your website as a redirect for sex crap and spam.

    Then when you uninstall it, it phones back home to the hacker to get back on the system to delete your files on your file system.

    Again, this is a really bad virus and you will be blocked by many websense type programs because of a Redkit exploit that this plugin will install on your hosting system.

    Antivirus...how ironic. If only I could take back this one star I had to give it.

    Hey Jungs .... Nicht downloaden Sie dieses Plugin. Ich tat es und das Plugin macht sich freuen alle unschuldig, aber tatsächlich installiert eine Hintertür in Ihr Dateisystem und infiziert sie. Es nutzt Ihre Website als für Sex Mist und Spam umzuleiten.

    Dann, wenn Sie es deinstallieren, Telefone es zurück nach Hause an den Hacker, um wieder auf das System, um Ihre Dateien auf dem Dateisystem zu löschen.

    Auch dies ist eine wirklich schlechte Virus, und Sie werden von vielen websense Art Programme blockiert werden, weil eines redkit nutzen, dass dieses Plugin auf Ihrem Hosting-System zu installieren.

    Antivirus ... wie ironisch. Wenn ich nur nehmen könnte wieder diesen einen Stern, ich musste es geben.

  2. pixolin
    Member
    Posted 1 year ago #

    What an utter nonsense. Can someone delete this ridiculous review, please?

    It makes me sad to see how a troll can denigrate efforts of a plugin developer that easily.

  3. Sergej Müller
    Member
    Plugin Author

    Posted 1 year ago #

    Pure nonsense.

  4. loutrekshow
    Member
    Posted 1 year ago #

    Look, I'm willing to capitulate to one possibility, I might have downloaded the program from a different location then where you have it put, but here is what happened. I downloaded and install AntiVirus. Within a few days odd things started happening to my website. Folders started appearing labeled .webname. These folders were all over my file system in just about every folder on the file system. Meanwhile the only thing AntiVirus was doing was checking themes on the wordpress blog. It makes it look like it's doing a great job.

    Now inside those .webname folders were html files for a bunch of junk. Mostly sex crap. We were able to determine these anomaly's began almost at the time the AntiVirus was installed, so the choice was to uninstall it. The moment we uninstalled it, a file showed up on the main html folder called something to the extent of uninstall.php which alerted the hacker that we uninstalled antivirus and allowed the hacker access to the website, presumptively to destroy files and folders at his whim. The connection to the website was broken at that moment so NO ONE could gain control and all files were cleaned. Since then, all the .webname folders have stopped rebuilding and there has been no attempt on the file system. We had to change everything including all passwords, tokens and the config.php.

    Now if it is nonsense, please riddle me this, how is it that NOTHING has been attempted on my file system once AntiVirus was removed? Are you going to say it was coincidence??? It started when I installed the program and stopped when I got rid of it and cleaned it's mess. Coincidence? I suggest to prove me wrong, everyone reading this that has it installed on your wordpress blog, check out your file system and see if you also have .webname folders. Where you read .webname will be your actual domain name. So if Microsoft.com were infected, they would see a lot of .microsoft folders on their file system. Open those folders and see what you have.

    Again I might have downloaded the program from a website that had manipulated it and installed a back door, but one was installed. I suggest people be careful or maybe even run a few tests on a dummy wordpress blog. I have a couple extra domain names that I can install a wordpress blog on and it would come with new file systems. I'll give it a test and see what happens.

  5. ClaytonJames
    Member
    Posted 1 year ago #

    Look, I'm willing to capitulate to one possibility, I might have downloaded the program from a different location then where you have it put...
    ...Again I might have downloaded the program from a website that had manipulated it and installed a back door, but one was installed.

    You do understand how those two statements invalidate any other conclusions you've come to (however right, or wrong they could be) regarding this plugin, do you not?

    If you have what you believe to be a legitimate concern about the intent or actions of a plugin, you should probably follow the guidelines suggested here: Where do I report security issues?

  6. sk117
    Member
    Posted 1 year ago #

    hi sergej, when is your plugin gonna be downloadable again? why did they delete it from the search?

    thx in advance for the reply!

  7. The plugin is under review and will be made available again once we determine it is clean.

  8. Sergej Müller
    Member
    Plugin Author

    Posted 1 year ago #

    @sk117
    But now!

  9. The plugin was reviewed, and these allegations were found to be unfounded (there WAS a mistake on my part re the closing - I thought a PHP security hole was a plugin one), but multiple reviewers have determined this plugin is good :)

    loutrekshow - Your evidence is suspicious, but also a little circumstantial. I would speak with your webhost immediately to have them scan your account for possible hacks.

    I have installed this on http://plugins.elftest.net/ and I see nothing yet, but I'll leave it there for a while to see what happens.

    (ETA: You can clearly see the code here - http://plugins.svn.wordpress.org/antivirus/trunk/ theres' nothing phoning home. I think it's MORE likely that a hacker used that plugin to stash his code - I see it a lot (I work for a webhost, they LOVE hiding code in akismet))

  10. esmi
    Forum Moderator
    Posted 1 year ago #

    I might have downloaded the program from a different location then where you have it put

    Now that's a very telling line...

  11. loutrekshow
    Member
    Posted 1 year ago #

    Very good. Then I recommend deleting this comment. I have downloaded the program again and am installing a new version of wordpress on another domain and will install the plugin and see if the problem replicates. If it does I will report it again....

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.