Support » Plugin: Captcha » Backdoor?

  • Hi,

So I read the report that this plugin had a backdoor and was removed from the repository.

    Since then, was it restored after the backdoor code was removed?

    So the question is, if this were the case, why have we not had a plugin update message?

    Is it now safe to use or not?

    Many Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Peter

    (@hardpeter4u)

Yes, what about the backdoor? Has it been removed?

    I still wouldn’t trust it, why was it there in the first place?

    Hi

Don’t get me wrong, it saves me a ton of time with hackers, bots, etc.

    But come on WP, are you not checking/verifying plugins before you add them to the repository?

    Awaiting your confirmation on the safety of this plugin before I continue to use it please.

    Many Thanks

    I can’t believe this plugin is still available after it’s been proven to have a malicious backdoor. Very odd.

    David

    (@vanguardbookkeeping)

There are links between this plugin and Mason Soiza, who buys plugins to repurpose them.
    https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/?utm_source=list&utm_medium=email&utm_campaign=121917

You should avoid touching anything related to him, including these, which have the same back-door code:
    – Covert me Popup
    – Death To Comments
    – Human Captcha
    – Smart Recaptcha
    – Social Exchange

    https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/?utm_source=list&utm_medium=email&utm_campaign=091317

    Adam

    (@adamlachut)

    @rik0399: the malicious code (backdoor) was downloaded as an ‘update’
    @songofhannah: v4.4.5 is clean (cleaned by WP Stuff)

    A.

With Adam’s permission I will complete the info with a link to the original source.

    From Wordfence…

    What We’ve Done So Far

    As of this writing, we’ve created three firewall rules in total to protect our users’ sites from the backdoor installation. Premium customers received the first two rules on December 8th and the third one on the 14th. These rules also protect against the backdoor itself executing in Captcha as well as in the five other plugins available for download on simplywordpress.net. Free users will receive these rules 30 days from the original publish date via the community version of the Threat Defense Feed.

    We have also been working with the WordPress.org plugins team to get out a patched version of Captcha (4.4.5) that is backdoor-free. The plugins team has used the automatic update to upgrade all backdoored versions (4.3.6 – 4.4.4) up to the new 4.4.5 version. Over the course of the weekend over 100,000 sites running versions 4.3.6 – 4.4.4 were upgraded to 4.4.5. They have also blocked the author from publishing updates to the plugin without their review.

    Our Recommendations

    We recommend that you uninstall the Captcha plugin immediately from your site. Based on the public data we’ve gathered, this developer does not have user safety in mind and is very likely a criminal actor attempting yet another supply chain attack. You should also ensure that you’ve enabled automatic updates within WordPress – that’s still one of the best ways to keep your site secure before disclosures like this take place. We also recommend using the Premium version of Wordfence, to proactively defend your site against threats like this one.

The most viable alternative seems to be ‘Really Simple CAPTCHA’ (by Takayuki Miyoshi, creator of ‘Contact Form 7’ and compatible with it).

    Greetings!
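A defender-side check, added here as an example and not taken from any post in this thread or from Wordfence: the quoted advisory names versions 4.3.6 – 4.4.4 as backdoored and 4.4.5 as the cleaned release, so an admin who cannot tell whether the automatic update landed can read the `Version:` field from the plugin's header and classify it. The main-file name `captcha.php` and the sample header are assumptions constructed for the demo; on a real site you would point `check_plugin_file` at the installed plugin's main file under `wp-content/plugins/`.

```shell
#!/bin/sh
# Added example, not code from the thread or from Wordfence.
# Classifies an installed WordPress plugin's version against the range the
# quoted advisory calls backdoored (4.3.6 - 4.4.4) and the cleaned release (4.4.5).

# Constructed sample plugin header standing in for
# wp-content/plugins/captcha/captcha.php (the main-file name is an assumption).
SAMPLE_DIR="${TMPDIR:-/tmp}/captcha-check-demo"
mkdir -p "$SAMPLE_DIR"
cat > "$SAMPLE_DIR/captcha.php" <<'EOF'
<?php
/*
Plugin Name: Captcha
Version: 4.4.2
*/
EOF

# Turn a dotted version (a.b.c) into one integer so the shell can compare it.
# Missing components count as 0 (4.4 -> 4004000).
ver_num() {
    echo "$1" | awk -F. '{ printf "%d%03d%03d\n", $1, $2, $3 }'
}

# Pull the Version: field out of a WordPress plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Report backdoored / clean / pre-range / unknown for a version string.
classify_version() {
    v="$1"
    [ -n "$v" ] || { echo "unknown"; return; }
    n=$(ver_num "$v")
    if [ "$n" -ge "$(ver_num 4.3.6)" ] && [ "$n" -le "$(ver_num 4.4.4)" ]; then
        echo "backdoored"
    elif [ "$n" -ge "$(ver_num 4.4.5)" ]; then
        echo "clean"
    else
        echo "pre-range"
    fi
}

# Classify the plugin whose main file is given as the first argument.
check_plugin_file() {
    classify_version "$(plugin_version "$1")"
}

# Running against the constructed sample prints "backdoored".
check_plugin_file "$SAMPLE_DIR/captcha.php"
```

The version is parsed rather than taken from the directory name because the plugin slug does not change between releases; only the header (or WP-CLI's `wp plugin get captcha --field=version`) tells you which build is actually installed. A "backdoored" result means the automatic update described in the advisory did not reach that site and the plugin should be updated or removed.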

    Hi @joanmor,

    Thanks for that,

    It was a fine plugin to be sure…really impacted on those hackers and Bots…

    DELETED!!

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Hello, please read the entire original post. We worked with Wordfence last week to clean up the plugin and pushed it out as an automatic update.

    They explained this in their post.

    Version 4.4.5 is safe and you probably already have the update.

  • The topic ‘Backdoor?’ is closed to new replies.