Modified plugin files without update! (4 posts)

  1. Tony Hunt
    Member
    Posted 1 year ago #

    I really love your plugin, I do, but you guys HAVE to start using the WP update process to modify/update your plugin. When you don't, those of us that are running viable security applications get a TON of alarms on our sites when you update this plugin remotely using what I am guessing is an executable script within your plugin.

    I am getting this FAR too often from this plugin:

    Filename: wp-content/plugins/antispam-bee/antispam_bee.php
    File type: Plugin
    Issue first detected: 11 hours 33 mins ago.
    Severity: Warning
    Status New
    This file belongs to plugin "Antispam Bee" version "2.5.9" and has been modified from the file that is distributed by WordPress.org for this version.

    Filename: wp-content/plugins/antispam-bee/readme.txt
    File type: Plugin
    Issue first detected: 11 hours 33 mins ago.
    Severity: Warning
    Status New
    This file belongs to plugin "Antispam Bee" version "2.5.9" and has been modified from the file that is distributed by WordPress.org for this version.

    Filename: wp-content/plugins/antispam-bee/js/dashboard.js
    File type: Plugin
    Issue first detected: 19 hours 14 mins ago.
    Severity: Warning
    Status New
    This file belongs to plugin "Antispam Bee" version "2.5.9" and has been modified from the file that is distributed by WordPress.org for this version.

    Could you please issue an updated version with these changes so that those of us with edit tracking on our webservers don't have a gazillion alarms going off when you edit your plugin (I assume through an auto-update script somewhere on the back-end of your plugin.)

    Datasets Changed:
    http://imgur.com/iBsiTZR
    http://imgur.com/zApdMmW
    http://imgur.com/dS0u64Z

    Unfortunately, this is actually a pretty scary security issue and I'll be removing your plugin if this issue isn't resolved post-haste.

    http://wordpress.org/plugins/antispam-bee/

  2. Simon
    Member
    Posted 1 year ago #

    The changes you list have been committed to source control in the last 2 months, but there was no plugin update published, nor does Antispam Bee update files itself:

    Datasets Changed:
    http://imgur.com/iBsiTZR
    -> http://plugins.trac.wordpress.org/changeset/762449/

    http://imgur.com/zApdMmW
    -> http://plugins.trac.wordpress.org/changeset/791916/

    http://imgur.com/dS0u64Z
    -> http://plugins.trac.wordpress.org/changeset/767317/

    I'm not so familiar with the new auto-update feature of WordPress, which could have played a role in your mess happening, but my sites still have the original Antispam Bee 2.5.9 files from August when I updated the plugin (installation and updates done through dashboard, nothing manual).

  3. Tony Hunt
    Member
    Posted 1 year ago #

    That's a good point, however the changes cited actually occurred prior to the auto-update features' integration.

    The tracking system compares against the published version installed for changes...not versus the changesets, which I suspect is the underlying cause of the alert, however the files local to the webserver were definitely changed.

    I'd say approximately 30% of the WP sites I manage (over 3 completely different hosts/datacenters) popped up with this.

    I am going to see if some tests can be done with the tracking software just to be sure, but I'd like to see who else has run into this, if anyone.

  4. toggerybob
    Member
    Posted 1 year ago #

    I'm so glad to have found this issue on the forum. I'm at my wits' end trying to keep up with plugin updates. Even the ones correctly updated through WordPress.

    How is it that any plugin publisher can get away with this? I just go in and restore the original files, because I have no indication of what's been changed.

    Please help!
    Many thanks for your support.
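
Added example, not part of the original thread and not the code of the scanner quoted above: a check of the kind the thread describes, comparing installed plugin files against a pristine copy of the same published release and printing a diff for each modified file so the change itself is visible. It assumes the pristine copy is an unpacked download of that release; the directory names and file contents below are constructed.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_release(installed: Path, release: Path) -> dict:
    """Compare an installed plugin directory with a pristine copy of that release."""
    have, want = tree_hashes(installed), tree_hashes(release)
    report = {
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
        "missing": sorted(want.keys() - have.keys()),
        "unexpected": sorted(have.keys() - want.keys()),
        "diffs": {},
    }
    for name in report["modified"]:  # show what changed, not just that it changed
        old = (release / name).read_text(errors="replace").splitlines()
        new = (installed / name).read_text(errors="replace").splitlines()
        report["diffs"][name] = list(difflib.unified_diff(
            old, new, f"release/{name}", f"installed/{name}", lineterm=""))
    return report


def demo() -> dict:
    """Build two constructed trees (not real Antispam Bee files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        release, installed = Path(tmp, "release"), Path(tmp, "installed")
        files = {"antispam_bee.php": "<?php\n", "readme.txt": "Stable tag: 2.5.9\n",
                 "js/dashboard.js": "var a = 1;\n"}
        for root in (release, installed):
            for name, body in files.items():
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_text(body)
        # Constructed drift: one edited file, one extra file, one deleted file.
        (installed / "js/dashboard.js").write_text("var a = 2;\n")
        (installed / "extra.php").write_text("<?php\n")
        (installed / "readme.txt").unlink()
        return compare_to_release(installed, release)


if __name__ == "__main__":
    print(demo())
```

An "unexpected" file is worth the same attention as a modified one, since a hash-only comparison of known files never reports it.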

Topic Closed

This topic has been closed to new replies.
