
Threats in WP plugins (3 posts)

  1. cutandin
    Member
    Posted 1 year ago #

    I've been getting threats every time I open the site or Dashboard. The developer said he had deleted 500 malware, but he has cancer and is no longer available to help me. The threats that my virus pgm caught were as follows:

    -ultimatecomfort.ru.8080.applet1.html

    -exploit link to known exploit site (type 799)
    Under that name these files came up:
    http://www.cut-and-install-crown-molding.com/wp-content/plugins/wp-js-player/js/popup.js?ver=1.4
    http://www.cut-and-install-crown-molding.com/wp-content/themes/Cut_N_Crown_Molding/scipt.js

    Then when I activated the Exploit plugin, a tremendous number of files flooded in with possible threats. What do I do? I don't know if they are legit or not.

    Thanks, Olivia

  2. kesseret
    Member
    Posted 1 year ago #

    Version of WordPress?
    Is the plugin really that necessary?
    I'd like to know if you are running an older version of WordPress, but I'd copy the plugin folder from my server to my local machine (for investigation) and then delete the plugin from your server.

    Then I'd open the PHP file in Notepad++ and have a look around. Do NOT open it in Firefox or anything else, just a plain text viewer ONLY.

    Anyway, from there I'd look for strange things in the code. I'd also see if the threats still occur after I remove the plugin.

    Lastly, if I were you, I'd consider changing your passwords once you clean this up.

    (A client's site was recently hit with the base64(eval hack, which redirected visitors to some .ru site and also caused lots of errors in the dashboard. Using a similar method to the one I listed above helped me determine the problem and clean it. I also had to modify her SQL database and change her SQL and WordPress passwords and EVERY user's password, just in case.)
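
A text-only scan of a local copy of the plugin or theme folder, in the spirit of the manual review kesseret describes above (added example, not part of the original thread). The rule set, file names and sample payloads are constructed assumptions; a match is a lead to inspect by hand in a text editor, not proof of infection.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions for illustration, not a complete signature set).
RULES = {
    "eval-of-decoded-data": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-base64-literal": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
    "url-on-port-8080": re.compile(r"https?://[^\s'\"/<>]+:8080\b", re.I),
    "script-written-iframe": re.compile(r"document\.write\s*\([^)]*<iframe", re.I),
}
TEXT_SUFFIXES = {".php", ".js", ".html", ".htm", ".inc"}


def scan_tree(root):
    """Return (relative_path, line_number, rule_name) findings; files are read as text, never run."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, name))
    return findings


def build_constructed_sample(root):
    """Write a small constructed plugin tree (harmless payloads) for the demo."""
    root = Path(root)
    (root / "js").mkdir(parents=True)
    (root / "player.php").write_text(
        "<?php\n// clean file\nfunction player_init() { return true; }\n")
    (root / "footer.php").write_text(
        "<?php\n/* theme footer */\n"
        "eval(base64_decode('ZWNobyAnaGknOw=='));\n")  # decodes to: echo 'hi';
    (root / "js" / "popup.js").write_text(
        "var w = 400;\n"
        "document.write('<iframe src=\"http://example.invalid:8080/x\"></iframe>');\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for finding in scan_tree(tmp):
            print("%s:%d: %s" % finding)
```

Point `scan_tree` at the downloaded copy of `wp-content/plugins` or the theme folder, then compare any flagged file against a fresh copy of the same plugin or theme version.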

  3. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

Topic Closed

This topic has been closed to new replies.
