WordPress.org

Support

Support » Plugins and Hacks » BackWPup - WordPress Backup Plugin » [Plugin: BackWPup] Scanned Server found these files

[Plugin: BackWPup] Scanned Server found these files

  • Hi

    Just an FYI, after the last upgrade, we had trouble with the VPS using too much memory. Did a scan using Clamscan and found these files:

    {HEX}base64.inject.unclassed.6 : /home/xxxl/public_html/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/wp-content/plugins/backwpup/pages/page_backwpupsettings.php

    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/jp_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxxx/public_html/hawaii/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/hawaii/wp-content/plugins/backwpup/pages/page_backwpupsettings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/kr_sub/wp-content/plugins/backwpup/app/options-edit-job.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-settings.php
    {HEX}base64.inject.unclassed.6 : /home/xxx/public_html/de_sub/wp-content/plugins/backwpup/app/options-edit-job.php

    In fact all of the domains and sub-domains on that server were affected. Not sure how they got there. But thought I’d let you know.

    Regards
    runner2009

    http://wordpress.org/extend/plugins/backwpup/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Daniel Hüsken

    @danielhuesken

    I use the base64 finktion in these files. In next version ich change it a bit so that the scannner hopfuly not makes the false positive.

    I also have a problem with the following:

    /httpdocs/wp-content/plugins/backwpup/pages/page_backwpupsettings.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    /httpdocs/wp-content/plugins/backwpup/pages/func_backwpupeditjob.php: Atomicorp.honeypot.hex.base64.inject.unclassed.6.UNOFFICIAL FOUND

    The site also showed up with a warning “… contains content from acstonga.osa.pl, a site know to distribute malware.”

    Any ideas why this should happen?

    Plugin Author Daniel Hüsken

    @danielhuesken

    A chane will come with version 3…..

    Hi Daniel,

    I know that you must be already aware of this issue, given the posts above. Anyway I’m writing to report the same issue here with version 2.1.10

    malware scanner detected the following:

    /home/pwtpdlha/public_html/
    content/plugins/backwpup/pages/page_backwpupsettings.php
    /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php
    
    FILE HIT LIST:
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/page_backwpupsettings.php => /usr/local/maldetect/quarantine/page_backwpupsettings.php.25415
    {HEX}base64.inject.unclassed.6 : /home/pwtpdlha/public_html/content/plugins/backwpup/pages/func_backwpupeditjob.php => /usr/local/maldetect/quarantine/func_backwpupeditjob.php.25960

    I think most malware scanners don’t really like Base64… it’s been exploited by too many malwares

    looking forward to see an update of this excellent backup tool 🙂

    keep up the good job

    Plugin Author Daniel Hüsken

    @danielhuesken

    I have chanded it for the 3. Version. but i can’t say in moment when i release it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Plugin: BackWPup] Scanned Server found these files’ is closed to new replies.
Skip to toolbar