Support » Plugin: WP-SpamShield » Has the official website been hacked?

  • Resolved lordanti


    When I try to visit the official plugin website (that redsandmarketing site) my browser just offers me to download a zip file. What’s going on?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Red Sand Media Group


    No, our website has not been hacked. If you have that happen, you’re triggering a firewall security countermeasure. Normal site visitors would never run into that.

    You have to be doing something quite suspicious to trigger that. (As in, the site is detecting an attack.) What exactly were you trying to do at our site? Don’t be offended if you weren’t doing anything intentionally…I just have to ask. If you weren’t doing anything intentionally, then there may be malicious traffic on your network that you’re not aware of (aka malware).

    Our records/logs indicate malicious behavior coming from an IP address, that based on timing and a few other factors, is likely yours. You may or may not be aware of it. I’m not going to go into further detail on a forum. You may need to do a deeper security audit of your computer/network.

    I would recommend installing BitDefender or another good security+anti-virus on your system, and running a thorough scan. Also, and this is even more important…if you are using an expired operating system that is no longer supported, you should upgrade to a modern operating system. Windows XP is an example of an outdated OS. Microsoft stopped supporting it a couple years ago, which means no more security updates. It was released over 15 years ago and is a security nightmare for folks. Simply running an anti-virus/anti-malware won’t do much to protect you, because of the plethora of security holes that aren’t patched, and won’t be patched.

    Plugin Contributor Red Sand Media Group


    I just wanted to follow up with a bit of additional info. I was able to isolate the incident in question.

    We confirmed that IP address I mentioned before was indeed correct, and the one that malicious traffic came from:

    167.XXX.0.XXX – Blocks B and D redacted for privacy

    We ran a quick check of the IP against an array of DNSBLs (DNS Blacklists) and it came up as blacklisted on 4 of them.

    Our server does not block website traffic based on DNSBLs (DNS Blacklists), but checking these may be helpful for you because it provides a separate, second opinion.

    So, there has definitely been some malicious traffic from your network or computer to other websites as well, even before today. Please definitely follow my recommendation about securing your computer (and network).

    There is an easy way you can check if your IP address is on a blacklist:

    • Go to their blacklist check tool, and copy and paste your IP address into it. (From the previous step).

    There are a number of other free tools on the web that can help you with this as well.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Has the official website been hacked?’ is closed to new replies.