Support » Plugin: Duplicator - WordPress Migration Plugin » harmful code duplicator 1.1.20

  • Resolved andreaslindgren

    (@andreaslindgren)


    Hi

    My server provider reported today that the following file in duplicator spreads harmful code.

    /wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php

    Can you check if there is something wrong with the plugin?

    There is more than one site that i have on the same server that has reported about this.

Viewing 15 replies - 1 through 15 (of 23 total)
  • I just got the same message from my host.

    We have detected malicious PHP scripts on your webhosting package. To prevent system abuse, our system has automatically quarantined these files. This concerns the following scripts:

    shell.generic (Web shell)
    /wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php

    Existence of these scripts generally points to third parties having gained access to your webhosting package through means of e.g. stolen passwords or exploiting a vulnerability in one of the software packages you are using. We strongly recommend you check the entire webhosting package for other files that appear out of place, which our detection system might have missed.

    • This reply was modified 2 years, 10 months ago by  kosmiq.

    Same here!

    Same situation

    Same here!

    Same here. I removed the plugin temporarily, but would like to know what to do, I have no idea if there is any harm done to my site, don’t know how to find out about this.

    Same here: 3 webshops

    • This reply was modified 2 years, 10 months ago by  flipper1960.

    Same here.

    The harmful script that has been place in quarantaine is:

    shell.generic (Webshell)
    /home/*debnr*/domains/*domain*/public_html/wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php

    Same. The detection software these webhosts are using is Patchman.

    Indeed, my host also uses Patchman

    Same exact thing going on here. Host uses Patchman as well.

    It’s not gonna be fun to do, but I’ll be going into every site and removing Duplicator until there’s a definitive answer and fix.

    • This reply was modified 2 years, 10 months ago by  JenJohnston.

    Same here. Just removed Duplicator from every site. As if I had nothing else to do on a monday afternoon 😉

    Is it enough to remove the plugin? If there is such a code running, wouldn’t it be safest to change all passwords of the wp-logins? I would have to do this on like 20 sites; including customer accesses…

    An Answer of the developer would be helpful.

    Just checked. File wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php in core file in version 1.16. As i understand, there is no virus.

    Plugin Author Bob Riley

    (@bobriley)

    Also – what web hosts are you guys using and levels? (Shared/VPS/Dedicated) Thanks

    Bob

    Plugin Author Bob Riley

    (@bobriley)

    Hi guys, we haven’t updated the plugin in 2 weeks so we are pretty sure this is a false flag. Can someone give me detail about line number of inc.libs.js.php that is triggering the problem? Thanks

    Bob

Viewing 15 replies - 1 through 15 (of 23 total)
  • The topic ‘harmful code duplicator 1.1.20’ is closed to new replies.