Title: Hacking alert Last modified: August 22, 2016 --- # Hacking alert * [manilLons](https://wordpress.org/support/users/manillons/) * (@manillons) * [11 years, 2 months ago](https://wordpress.org/support/topic/hacking-alert/) * Hi, * My host provider just block my website (Forbidden You don’t have permission to access / on this server.) and sent me an hacking alert with this message : * Executing deleted program Commande apparente : ././crond Exécutable utilisé : www/wp-content/plugins/easy-columns/img/.nfs0000000004824a2100001b9a * Does it means the issue come from your plugin ? * Thank you for your help. * [https://wordpress.org/plugins/easy-columns/](https://wordpress.org/plugins/easy-columns/) Viewing 2 replies - 1 through 2 (of 2 total) * [Clarus Dignus](https://wordpress.org/support/users/clarus-dignus/) * (@clarus-dignus) * [11 years, 2 months ago](https://wordpress.org/support/topic/hacking-alert/#post-5825008) * Hi maniLons. I’m very interested in any further information you might have on this matter. * The path in your message certainly suggests that this plugin might be implicated. * You can check for malicious plugin code by first installing this plugin: [https://wordpress.org/plugins/tac/](https://wordpress.org/plugins/tac/) * …and then installing this plugin (which requires the first plugin to be installed): [https://wordpress.org/plugins/plugin-check/](https://wordpress.org/plugins/plugin-check/) * You can then run a scan of your plugins. Let me know if you identify anything. * This security plugin is also very effective at identifying issues: [https://wordpress.org/plugins/gotmls/](https://wordpress.org/plugins/gotmls/) * Please post back and share your findings. * I’ve noticed a use of deprecated function by this plugin though I’m not sure if it’s related or not: [https://wordpress.org/support/topic/has_cap-deprecated-but-being-called?replies=1](https://wordpress.org/support/topic/has_cap-deprecated-but-being-called?replies=1) * Thread Starter [manilLons](https://wordpress.org/support/users/manillons/) * (@manillons) * [11 years, 2 months ago](https://wordpress.org/support/topic/hacking-alert/#post-5825031) * Hi Clarus, * Thank you for your help. I solved the problem using WP Antivirus Site Protection( by SiteGuarding.com) to scan my website and find all the infected files. It looks all right know. It was a base64 exploit. About 100 files to manage, delete, or replace by new ones, some wordpress core files were modified too (into wp/ includes…) * My first attempt was to remove this plugin, but my host blocked again the website after a few hours. The free version of WP Antivirus Site Protection shows the name of the infected files but hide their path, so I needed to use filezilla to search them by name and date. The more infected folders were plugins ones : backwpup, simplepie (that I didn’t remember to be installed…), tinymce, revslider…. And many files infected everywhere. * This thread seems to explain the exploit, but my english is too poor to understand 🙂 * [http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/](http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/) * Hope that helps. Regards Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Hacking alert’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/easy-columns_abb3b5.svg) * [WP Easy Columns](https://wordpress.org/plugins/easy-columns/) * [Frequently Asked Questions](https://wordpress.org/plugins/easy-columns/#faq) * [Support Threads](https://wordpress.org/support/plugin/easy-columns/) * [Active Topics](https://wordpress.org/support/plugin/easy-columns/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/easy-columns/unresolved/) * [Reviews](https://wordpress.org/support/plugin/easy-columns/reviews/) ## Tags * [forbidden](https://wordpress.org/support/topic-tag/forbidden/) * 2 replies * 2 participants * Last reply from: [manilLons](https://wordpress.org/support/users/manillons/) * Last activity: [11 years, 2 months ago](https://wordpress.org/support/topic/hacking-alert/#post-5825031) * Status: not resolved