• Resolved bcmedia

    (@bcmedia)


    Hi

    My website was recently hacked and a load of spam pages appeared on my website. When we investigated the root cause, it appears the stop spammer plugin had been the cause.

    The following files were compromised:
    ./wp-content/plugins/stop-spammer-registrations-plugin/includes/stop-spam-utils.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings/kpg_ss_allowlist_settings.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings/kpg_ss_challenge.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings/kpg_ss_denylist_settings.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings/kpg_ss_options.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings/kpg_ss_summary.php
    ./wp-content/plugins/stop-spammer-registrations-plugin/settings

    My hosting company now thinks your plugin is malware! Can you advise on how this might have happened?

    Many thanks
    Craig

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor Keith P. Graham

    (@kpgraham)

    I wrote the plugin and it is not malware.

    It has been available on the WordPress repository since 2010, and has many thousands of users. The source code is available for all to inspect.

    Please let me know some more specifics. What kind of malware? What program found the malware?

    Keith P. Graham.

    Thread Starter bcmedia

    (@bcmedia)

    Hi Keith

    Thank you for the response – apologies I didn’t mean to be so blunt sounding (this is maybe the 100th email/message I’ve written today, such is modern life).

    There was an ajax.php file in the root plus the files mentioned above which were compromised. When I looked through Stop Spammer I noted this as well – https://s10.postimg.org/5do0w94jt/keith_breach.jpg

    Initially no scans noticed anything. It was when I did a site: index check on Google I noticed a lot of spam pages such as https://s10.postimg.org/5ri6vuyzt/image.png

    I was quite perplexed when the hosting company suggested the plugin was the cause! But I felt it was worth highlighting in case it was an issue you may have previously encountered.

    Last thing, I’ve got the compromised files if you would want to review them. I’ve hopefully removed them from the live site but I’ve got archived copies.

    I suppose the last point worth noting is that the site was updated to 4.6 about 2 months ago.

    Kind Regards
    Craig

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    The image is obviously out of place and is not normally a part of the plugin.

    The problem now becomes how was the plugin compromised. I am concerned that the plugin was not chosen at random. Either there is a vulnerability in the plugin that I am not aware of, or it was chosen for a reason.

    All the programs in “settings” are only visible by the sysop. The file in “includes” only kicks off if there is a post or login. The plugin must be very altered for these files to be used in malware.

    Please keep me informed, and I will search for exploits involving the plugin.

    Thanks,

    Keith

    Thread Starter bcmedia

    (@bcmedia)

    Hi

    I reinstalled your plugin last night after cleaning the website. Guess what? The hack has come back! I’m wondering if the WordPress plugin page is redirecting me to a similar site.

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    I checked the version on the WordPress plugin repository and the beta version on my website. Neither is infected.

    Your website must be infected. Something has really gone bad.

    I am concerned that it is infecting my plugin.

    What software is reporting the infection?

    Keith

    My website has been hacked too.

    I was thinking of downloading this plugin because I liked it before, but
    now I am very leery to do so.

    I keep on cleaning up my server but someone always comes behind me
    and rechanges it.

    Going mad!

    Plugin Contributor Keith P. Graham

    (@kpgraham)

    Please delete the plugin if you are the least worried about it.

    The version on the wordpress.org website and the version on my website are not hacked.

    There are other solutions to the spam problem and you could try them.

    Keith

    Thread Starter bcmedia

    (@bcmedia)

    Hi Keith

    I don’t think your plugin was the source of the hack & after closer inspection it transpires the hack had a trigger which injected the DB after I cleaned it.

    The only fix was to rebuild the website as the backups were all compromised.

    Thank you for your patience.

    Craig

The topic ‘Plugin was compromised’ is closed to new replies.
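
The question running through this thread is whether the installed plugin files differ from a clean copy of the same version. The Python script below is an added example, not code from the plugin or from anyone in the thread: it hashes a known-clean copy and the installed copy and reports modified, unexpected and missing files. The `reference` and `installed` directory names, the file contents and `extra.jpg` are constructed for the demo; the PHP file names are taken from the list in the first post.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_plugin(reference_dir, installed_dir):
    """Compare an installed plugin tree against a known-clean copy."""
    ref, live = file_digests(reference_dir), file_digests(installed_dir)
    return {
        "modified": sorted(f for f in ref.keys() & live.keys() if ref[f] != live[f]),
        "unexpected": sorted(live.keys() - ref.keys()),
        "missing": sorted(ref.keys() - live.keys()),
    }


def build_demo(base):
    """Constructed sample trees: a clean reference and a tampered install."""
    files = {
        "includes/stop-spam-utils.php": b"<?php // utils\n",
        "settings/kpg_ss_options.php": b"<?php // options\n",
        "settings/kpg_ss_summary.php": b"<?php // summary\n",
    }
    for name in ("reference", "installed"):
        for rel, body in files.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
    # Tampering (constructed): one altered file, one file that was never shipped.
    Path(base, "installed", "settings/kpg_ss_options.php").write_bytes(b"<?php // altered\n")
    Path(base, "installed", "settings/extra.jpg").write_bytes(b"not part of the plugin")
    return Path(base, "reference"), Path(base, "installed")


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        return compare_plugin(*build_demo(tmp))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(kind, paths)
```

A clean result from a file comparison like this does not rule out reinfection from the database, which is what the thread starter reports finding in the final post.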