Support » Plugin: WPeMatico » Malware?

  • Our host had our site disabled yesterday, due to this file:

    {HEX}base64.inject.unclassed.6 : ///wp-
    content/plugins/wpematico/app/settings_page.php

    Can you please help us resolve this issue and update our host provider, as they took a beating over it, and not sure if it is a false positive or not…?

    http://wordpress.org/extend/plugins/wpematico/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Your site may have been hacked. On the current download for that plugin I don’t see that reference in plugins/wpematico/app/settings_page.php.

    There is a <?php echo base64_decode($cfg['mailpass']);?> on line 56 of that file but that should not cause your site to be disabled.

    I would suggest anyone running WordPress to set wp-config.php permissions at (600) Read and Write for the Owner only.

    If you allow anyone to read your config file they can get your database name and password, and hack the crap out of your site!

    FWIW, I have 34 WPeMatico campaigns running with no nasty grams from my web host. Though the CPU usage when running a campaign is really intensive.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malware?’ is closed to new replies.