It has a virus (10 posts)

  1. elistrov
    Posted 2 years ago #

    Plugin akisment contains a virus!

    akismet.php => PHP.Shell-83

    I think WordPress community has to delete this plugin from access.

  2. Greg Stewart
    Plugin Author

    Posted 2 years ago #

    Hi, can you elaborate on this?

  3. elistrov
    Posted 2 years ago #

    Virus is PHP.Shell-83

    First it was found by antivirus of my hosting, and then my antivirus said the same.

  4. *Drinks coffee, wonders why users post 1 star reviews without checking first. Drinks even more coffee*

    Either it's a false positive or your system is hacked.

    There's no virus in that file.


    It's not even that big a file. You really should check your system. If there's more than that small file in your copy then your WordPress installation has been compromised and hacked.

  5. elistrov
    Posted 2 years ago #

    My website is not hacked.

    Drink more coffee before telling.

  6. Christopher Finke
    Design Engineer at Automattic
    Plugin Author

    Posted 2 years ago #

    elistrov: Akismet itself does not contain any code that would be flagged as PHP.Shell-83. It's likely that your WordPress installation was compromised as described in this article, which also has some tips on preventing it from happening again: http://www.totalcomputersusa.com/2012/05/evalbase64_decodehardening-php-how-to-protect-your-site-and-your-visitors/

  7. seyemore
    Posted 2 years ago #

    I think there is a virus in Akismet too. I have a brand new, virtually blank, WP 3.9.1 install and every time I activate Aksimet AND select "Silently discard the worst and most pervasive spam so I never see it." then pages start redirecting to a "The page you requested is not available" dsparking page under an iframe. It is a dark blue page with a menu for car insurance, discount dental plans, etc.

    My computer and browser are clear of virus. Dsparking is no where on my personal computer. I have no other plugins and only one theme. I deleted every single file as well as the entire database. Everything is fine, including the one theme, until I click the Akismet setting: "Silently discard..." and then my site no longer works properly. This has happened 3 times today but ONLY after I click "Silently discard..." setting on Akismet. Once I click that setting, it's done and nothing works except to delete the database and start over.

    If you Inspect Element on the redirected page, there is a <frame set> just below the <head> that is redirecting the page:

    [ redacted ]

  8. James Huff
    Support Representative
    Posted 2 years ago #

    That sounds like you have been hacked too. Remain calm and carefully follow this guide. When you're done, you may want to implement some (if not all) of the recommended security measures.

  9. seyemore
    Posted 2 years ago #

    Thanks MacManX, but I don't see how a brand new 1 hr old install can be hacked, repeatedly, three times in one day, every time I delete the database, change the passwords and user IDs, and reinstall.

    However, I don't think this is an Akismet problem any more. I think there is something wrong with IX Webhosting (although they deny it). I am moving on to a more respected WordPress hosting service. I only used this one because I am doing this website for a friend, and this is his current hosting service.

  10. James Huff
    Support Representative
    Posted 2 years ago #

    Did you upload new files? The hack is in the files, not the database.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Akismet
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.