Malware in latest update

  • Resolved Mr.Fitz

    (@mrfitz)


    10 years, 2 months ago

    I use EWWW Image Optimizer on my website caregiver-aid.com and am very happy with it. Works great and have had no problems.
    Today I receiver this message from WORDFENCE about a critical issue involving EIO.

    “File contains suspected malware URL:”

    Filename: wp-content/plugins/ewww-image-optimizer/languages/ewww-image-optimizer-ro_RO.mo
    Bad URL: http://mediasinfo.ro/
    File type: Not a core, theme or plugin file.
    Issue first detected: 7 hours 32 mins ago.
    Severity: Critical
    Status New

    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://mediasinfo.ro/ – More info available at Google Safe Browsing diagnostic page.

    Is this a known problem? I don’t see anyone else on the support page with this problem.
    It looks like a Romania language thing, Since I only do business in U.S. can I safely delete this file without harming the plugin?

    Thanks for your time, Greg

    https://wordpress.org/plugins/ewww-image-optimizer/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nosilver4u

    (@nosilver4u)

    10 years, 2 months ago

    The url in question is the website of the individual (or team) that does the Romanian translations for the plugin. I don’t know Romanian, but their website does not look like it distributes malware. I’ve sent an email to them to try and get more information, but I suspect it may actually be the ad network they use that was infected, rather than their actual website.

    You can delete the file in question, or leave it, it isn’t going to hurt anything, since that url never gets displayed anywhere. It also won’t break anything, since you are not using the Romanian translation.

    Thread Starter Mr.Fitz

    (@mrfitz)

    10 years, 2 months ago

    I’ve deleted this file and as you suggested there seems to be no further problems. Wordfence is now happy.

    Thank you for your quick response.

    Great plugin.

    Greg

    Plugin Author nosilver4u

    (@nosilver4u)

    10 years, 2 months ago

    Just heard back from the folks at mediasinfo.ro and they did indeed have a malware attack on their site that they have cleaned up in the last few hours. So Wordfence will be happy for now, and the file should not get flagged in future releases.

    Alex

    (@asterix)

    10 years, 1 month ago

    Wow, this sounds like a big security risk! Could you not include the language files by default, and have users add them on demand?

    Plugin Author nosilver4u

    (@nosilver4u)

    10 years, 1 month ago

    Slow down, it is a very very very very very tiny security risk. How many times have you gone looking at a .po file for a particular language and clicked the link for the contributor’s website? Their site was already fixed by the time the issue was reported here (a matter of hours).

    Alex

    (@asterix)

    10 years, 1 month ago

    Ah okay, didn’t mean to over-react, my apologies. Going forwards it may prove helpful to post explanations such as this one for people that don’t understand what’s going on (in this case, PO files).

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Malware in latest update’ is closed to new replies.

Tags