Support » Plugin: Nav Menu Collapse » It is not safe it is an open door to attack

  • Resolved karlosiglesiasmontes

    (@karlosiglesiasmontes)


    I have received notice from my server of malicious files specifically in this plugin. I have reinstalled the completely clean web and again I suffer an attack through this plugin.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Robert Noakes

    (@rnoakes3rd)

    @karlosiglesiasmontes,

    If possible, could you please send me a copy of that report? If my plugin is insecure, I’d definitely like to get that resolved.

    Thank you,
    Robert

    Thread Starter karlosiglesiasmontes

    (@karlosiglesiasmontes)

    2 days ago, the server where I have my website (www.ionos.es) sent me several emails informing me that its system had detected malicious code and they referred me to a .log file so that I could delete or clean those files.

    That same day I decided to delete all the content and reinstall a backup with WP 5.7.1 and all the updated plugins.

    I called the server in case they could check the web and they told me that the system does it automatically every x time and that if it is clean I will not receive any more reports.

    After a day another notice came to me, and looking at the .log I suspect that the problem comes from the nav-menu-collapse plugin. I don’t think the .log will help you much to solve the problem. I have removed the plugin and for the moment everything is fine.

    I hope you find a solution.

    Photo of the .log

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    This is not a review; I’m moving it to this plugin’s support area.

    Plugin Author Robert Noakes

    (@rnoakes3rd)

    Thank you, @sterndata!

    @karlosiglesiasmontes,

    Looking at the log, none of the files in question are included with the plugin. Luckily for me, it doesn’t look like my plugin is the issue. I’m not a security expert, but I believe you should change all of your passwords (hosting, WP, etc.) and remove all infected files from the server. You may also want to install Wordfence and run a scan to find any other possible infections.

    Robert

    Thread Starter karlosiglesiasmontes

    (@karlosiglesiasmontes)

    I know that the malicious .log files are not from your plugin, they are infected, but I believe that somehow the malware has used the plugin as a gateway. I have already commented that I have deleted all the content of the web (everything, including the database) and I have installed a backup copy from scratch eliminating its plugin and my website is clean of problems.

    I cannot 100% say that the problem is your plugin because I am not a specialist but in the .log file your plugin only appears as infected by one of those malicious files.

    If you are sure that your plugin is 100% safe without the need to install Wordfence, I am sorry I made the comment, I thought it was helping.

    Plugin Author Robert Noakes

    (@rnoakes3rd)

    I follow WordPress security guidelines as closely as possible during development, but I’m not a security specialist either. 🙂 I would still recommend a Wordfence scan to see if there are any other malicious files hiding in the site.

    Thread Starter karlosiglesiasmontes

    (@karlosiglesiasmontes)

    OK thank you
