EWWW Image Optimizer
[resolved] Malware in latest update (7 posts)

  1. Mr.Fitz
    Posted 2 years ago #

    I use EWWW Image Optimizer on my website caregiver-aid.com and am very happy with it. Works great and have had no problems.
    Today I receiver this message from WORDFENCE about a critical issue involving EIO.

    "File contains suspected malware URL:"

    Filename: wp-content/plugins/ewww-image-optimizer/languages/ewww-image-optimizer-ro_RO.mo
    Bad URL: http://mediasinfo.ro/
    File type: Not a core, theme or plugin file.
    Issue first detected: 7 hours 32 mins ago.
    Severity: Critical
    Status New

    This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://mediasinfo.ro/ - More info available at Google Safe Browsing diagnostic page.

    Is this a known problem? I don't see anyone else on the support page with this problem.
    It looks like a Romania language thing, Since I only do business in U.S. can I safely delete this file without harming the plugin?

    Thanks for your time, Greg


  2. nosilver4u
    Plugin Author

    Posted 2 years ago #

    The url in question is the website of the individual (or team) that does the Romanian translations for the plugin. I don't know Romanian, but their website does not look like it distributes malware. I've sent an email to them to try and get more information, but I suspect it may actually be the ad network they use that was infected, rather than their actual website.

    You can delete the file in question, or leave it, it isn't going to hurt anything, since that url never gets displayed anywhere. It also won't break anything, since you are not using the Romanian translation.

  3. Mr.Fitz
    Posted 2 years ago #

    I've deleted this file and as you suggested there seems to be no further problems. Wordfence is now happy.

    Thank you for your quick response.

    Great plugin.


  4. nosilver4u
    Plugin Author

    Posted 2 years ago #

    Just heard back from the folks at mediasinfo.ro and they did indeed have a malware attack on their site that they have cleaned up in the last few hours. So Wordfence will be happy for now, and the file should not get flagged in future releases.

  5. Alex Schenker
    Posted 2 years ago #

    Wow, this sounds like a big security risk! Could you not include the language files by default, and have users add them on demand?

  6. nosilver4u
    Plugin Author

    Posted 2 years ago #

    Slow down, it is a very very very very very tiny security risk. How many times have you gone looking at a .po file for a particular language and clicked the link for the contributor's website? Their site was already fixed by the time the issue was reported here (a matter of hours).

  7. Alex Schenker
    Posted 2 years ago #

    Ah okay, didn't mean to over-react, my apologies. Going forwards it may prove helpful to post explanations such as this one for people that don't understand what's going on (in this case, PO files).

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • EWWW Image Optimizer
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic