Support » Plugin: Broken Link Checker » Possibly contains malware

  • cronwerk

    (@cronwerk)


    Contains malware. “Finds” “broken links” to non-existent posts – in fact, these are links to some other people’s site.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support Dimitris – WPMU DEV Support

    (@wpmudev-support6)

    Hello there @cronwerk

    Could you please create a new topic about this in the support forums?
    Please also share some examples of these “broken URLs” you’re referring to.

    Thank you,
    Dimitris

    Thread Starter cronwerk

    (@cronwerk)

    Hello!
    I removed this plugin. I will not risk the security of my server.
    Sorry.

    Plugin Support Kasia – WPMU DEV Support

    (@wpmudev-support2)

    Hello @cronwerk ,

    I understand your decision, but finding links on your site that are broken doesn’t mean that our plugin contains any malware.
    But since it finds links that you are sure doesn’t exist on your site it might suggest your site already had malware that creates redirects to other sites.

    kind regards,
    Kasia

    Thread Starter cronwerk

    (@cronwerk)

    Hello!

    I am absolutely sure that I did not link to someone else’s site that has nothing to do with the topic of my site. I did not link to external resources and did not receive backlinks from them.
    This site of mine is a test site with only a few small pages without links to third-party sites and to my own site pages.
    I checked my site, its database, and this plugin with several dozen antiviruses at https://www.virustotal.com. No viruses were found. But this does not mean that there is no malware in them.
    Perhaps, when manipulating the URL, the plugin receives some URLs from other sites to which there are links in the plugin. These sites may have malware, for example https://managewp.com. There is invisible input in div with this URL in the plugin.
    This is the first time in 15 years I have had such a case – so that among the links on my site appear those that I definitely did not insert.

    • This reply was modified 10 months ago by cronwerk.
    Plugin Support Pawel – WPMU DEV Support

    (@wpmudev-support9)

    Hi @cronwerk,

    It may have not been you directly linking to external resources, but it is possible that if a site is infected with some malware through some suspicious code on say your WordPress core files or theme, redirects to different links can be generated from it.

    The plugin itself would not be able to detect other links without having it associated to the site itself. I have tested it on a demo site, and it’s detecting my URLs and some external links but only because I have images added on a certain page. We can check on this further for you on the new support thread you open.

    Best,
    Jonathan S

    Thread Starter cronwerk

    (@cronwerk)

    Hi!
    Your plugin links to external resources (https://managewp.com and one more) and contains hidden input. I saw it in the code. Using an external service for checking links?
    I compared the main WordPress files and theme files on my site with the distributions’ files, they are identical.
    I can’t waste time checking. I don’t want to risk infecting the server via the site databases.
    Sorry.

    Plugin Support Jorge – WPMU DEV Support

    (@wpmudevsupport15)

    Hey there @cronwerk

    I’m really sorry for the inconvenience on this one, and we totally understand if you would like not to escalate this.

    The core files of WP are not change if you install this plugin as it will only scan the actual content of pages or posts and throw a result based on the links it finds that are no longer working.

    As for the managewp.com link, well, this is because we took over the development from ManageWP, this is disclosed in the contributors and developers section of the plugin page: https://monosnap.com/file/R0MS1MjzzSLfNCocXJFnhjdSClCSwa

    Again, if you would like us to take a look, we’re here to help, and I’m sure that we can clarify on why you are getting the results that you are getting, if not, we totally understand.

    Regards,

    Jorge

    Thread Starter cronwerk

    (@cronwerk)

    Hi!

    Thanks!

    “The core files of WP are not change if you install this plugin” – I know. I compared these files with the files from the official distribution to make sure they do not contain malware you suggested.

    Let me summarize my investugations.
    My test my test site (for testing plugins) contained 1 “Sample post” page with no links. Your plugin found 3 broken links (1 and the same link) on 3 non-existent pages, leading to a site with beautiful girls.
    Perhaps the error (or malware) is not in your plugin, but in my test site. I checked and then deleted this site and its database and separately the plugin distribution. I also checked my server. None of the numerous tests found malware on my website and on my server. But not a single test in the world gives a 100% reliable result.

    Regards,
    Cronwerk

    Plugin Support Pawel – WPMU DEV Support

    (@wpmudev-support9)

    Hi @cronwerk,

    Thanks for providing your summary.

    Based on your findings, would it be possible to recreate this test site, perhaps an old backup of it? If not possible, could you maybe install the plugin on another test site and see if the behavior is the same?

    We understand in case you prefer not to spend any time with tests but would appreciate in case you do so that we can check further and better assist you. Let us know if you prefer to close this for now and mark it as resolved.

    Best,
    Jonathan S

    Thread Starter cronwerk

    (@cronwerk)

    Hi!

    Thanks for the help offered and discussion of this problem. This discussion led me to test and harden the security of my server and sites.

    I prefer to close this topic and mark it as resolved. How to do it?

    Once I had a similar problem with another plugin, and the attempts of the developers and mine to solve it led to problems with my server and all sites on it and a big waste of time and effort. It is likely that there was a security flaw or malware in that plugin.
    I will not dare to repeat this experiment. Time, energy and security are the most valuable.

    Regards,
    Cronwerk

    Plugin Support Jorge – WPMU DEV Support

    (@wpmudevsupport15)

    Hey there, @cronwerk, thank you for following up.

    No problem, we understand.

    In this case, you don’t need to close the thread as it was not in the support section, we’re not going to continue following up after this reply.

    If you would like to continue troubleshooting this or have any other issues with our products, make sure to start a new support topic here https://wordpress.org/support/plugin/broken-link-checker/

    Regards,

    Jorge

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Possibly contains malware’ is closed to new replies.