Support » Plugin: dpaBottomofPostPage » Malicious scripts identified with this plugin??

  • judahraine

    (@judahraine)


    My website has been taken offline as my host advises me that malicious scripts were injected when I installed this plugin. I removed it, immediately after as it did not meet my needs, but this is now a major issue. They will not reinstate it unless I can provide assurance that the malicious scripts have been completely removed.

    I am not a developer so have no idea what to do Please advise as a matter of extreme urgency. I’ve been up from 3am every morning for two weeks bringing this to a new level, only to have this happen. It’s critical that I resolve this urgently.

    As I am now on the road for a business trip, please email judithraineforsyth@gmail.com

    Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author peter achutha

    (@peter-achutha)

    Hi Judahraine,

    Are you using the dpaBottomofPostPage plugin. There is no malicious script in this plugin. It must be related to something else. You can check the code yourself or if you do not know PHP let someone who knows PHP check the code.

    Check your server if you have ModSecurity installed. Can your host show you the malicious script that was injected?

    I have been using this plugin at http://bachutha.com and even though many hackers from Russia, China, Moldova, Germany, France, Turkey, USA, Canada, … are continuously trying to hack my site, my host have not complained about malicious scripts.

    Also protect your …/wp-content/uploads/… directory with the following code in the .htaccess file :-

    
    Options -Indexes
    DirectoryIndex index.php index.html
    
    #block hackers from these type of files #
    # multiple file types
    <FilesMatch ".(htaccess|php)$">
     Order Allow,Deny
     Deny from all
    </FilesMatch>
    

    This will block hackers inserting and executing PHP code through the /uploads/ subdirectory.

    Please let me know how it responds.

    Best regards,
    Peter

    Plugin Author peter achutha

    (@peter-achutha)

    Hi Judahraine,

    Can you show (copy & paste) what ModSecurity log shows when this occured?

    Best regards,
    Peter

    Hi Peter,

    Thank you so very much for all your assistance – all above and beyond as we’ve ascertained that this plugin was in no way responsible for the problem. The issue occurred as the result of an ftp intrusion and everything has since been resolved.

    I must add that I’m impressed and was greatly encouraged by the amazing support and encouragement, even after it became apparent that your plugin was not involved. Hats off to you. That kind of customer service is really hard to find and it definitely helped to point me in the right direction on more than one occasion – something you certainly did not have to do.

    Regards
    Judith

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Malicious scripts identified with this plugin??’ is closed to new replies.