Pharma hack warning from plugin files? | WordPress.org

Ate Up With Motor
(@ate-up-with-motor)

10 years, 4 months ago

Hi,

I switched to WordPress a while ago after my former non-WP site was subjected to the infamous pharma hack. I have a couple of automated scripts that look for hacked files, and I decided I should run them periodically as a precaution.

I just did that and the “Looking for bad guys” script reports:

Searching for files with suspicious names…
Files encountered = 5639, Matching regex and processed = 0; Directories encountered = 624, Matched and processed = 624

Searching for files with names related to WordPress pharma hack…
2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-schema.php is most likely a pharma hack.
2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-upgrade.php is most likely a pharma hack.
Files encountered = 5639, Matching regex and processed = 2; Directories encountered = 624, Matched and processed = 624

I inspected those files, comparing them to the same files from a freshly downloaded copy of the plugin. The file sizes are identical and I can’t see anything that looks suspicious or altered.

Has anyone encountered this before? I’m not sure if this is a false positive or what.

Thanks!

http://wordpress.org/plugins/broken-link-checker/

The topic ‘Pharma hack warning from plugin files?’ is closed to new replies.

Tags

In: Plugins
0 replies
1 participant
Last reply from: Ate Up With Motor
Last activity: 10 years, 4 months ago
Status: not resolved