I switched to WordPress a while ago after my former non-WP site was subjected to the infamous pharma hack. I have a couple of automated scripts that look for hacked files, and I decided I should run them periodically as a precaution.
I just did that and the “Looking for bad guys” script reports:
Searching for files with suspicious names…
Files encountered = 5639, Matching regex and processed = 0; Directories encountered = 624, Matched and processed = 624
Searching for files with names related to WordPress pharma hack…
2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-schema.php is most likely a pharma hack.
2013-11-06 02:28:12 /[redacted]/plugins/broken-link-checker/includes/admin/db-upgrade.php is most likely a pharma hack.
Files encountered = 5639, Matching regex and processed = 2; Directories encountered = 624, Matched and processed = 624
I inspected those files, comparing them to the same files from a freshly downloaded copy of the plugin. The file sizes are identical and I can’t see anything that looks suspicious or altered.
Has anyone encountered this before? I’m not sure if this is a false positive or what.
- The topic ‘Pharma hack warning from plugin files?’ is closed to new replies.