Title: Strange behaviour
Last modified: August 22, 2016

---

# Strange behaviour

 *  Resolved [Martijn van der Kooij](https://wordpress.org/support/users/martijn-van-der-kooij/)
 * (@martijn-van-der-kooij)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/strange-behaviour-8/)
 * I have not installed this plugin. I found out about this plugin because a 404
   was logged on:
    ​/wp-content​/plugins​/sexy-contact-form​/includes​/fileupload​/
   index.php
 * This was a call from a Russia IP.
 * Can some explain me why someone is trying to run a (not existing) php script?
   
   And what is the content of that php file. It is an empty file in the plugin download.
 * Very odd.
 * [https://wordpress.org/plugins/sexy-contact-form/](https://wordpress.org/plugins/sexy-contact-form/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Creative-Solutions](https://wordpress.org/support/users/creative-solutions-1/)
 * (@creative-solutions-1)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/strange-behaviour-8/#post-5535650)
 * Hello,
 * There was a security bug in old versions of Creative Contact Form.
    We have fixed
   the bug, and changed the structure of scripts, but keep the empty file, to allow
   updater overwrite old file, which has a bug in it.
 * Some sites have written about that bug, probably that is why someone tries to
   run that script on your site.
    Anyway the bug was solved, and this plugin is 
   absolutely safe now.
 * Best Regards,
    Simon
 *  [ddach69](https://wordpress.org/support/users/ddach69/)
 * (@ddach69)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/strange-behaviour-8/#post-5535772)
 * After multiple WP sites on the same (mine) server were all recently infected 
   with the SoakSoak virus, and the abuse department at my host tracked it to the“
   Creative Contact Form” plugin the following location, I no longer trust it. In
   the host’s words:
 * _“The following URL was being used as an open uploader to your
    account:
 * (URL changed below by me)_
    [http://www.mysite.com/wp-content/plugins/sexy-contact-form/includes/fileupload](http://www.mysite.com/wp-content/plugins/sexy-contact-form/includes/fileupload)
 * I locked down the directory
    public_html/50marketing/wp-content/plugins/sexy-
   contact-form/includes/fileupload/files/, where malicious files were being uploaded
   for now, but you may wish to consider, at the very least, removing the upload
   feature of that plugin.”
 *  Plugin Author [Creative-Solutions](https://wordpress.org/support/users/creative-solutions-1/)
 * (@creative-solutions-1)
 * [11 years, 7 months ago](https://wordpress.org/support/topic/strange-behaviour-8/#post-5535774)
 * Hello,
 * The bug have been fixed since version 1.0.0.
    Sorry for any inconvenience you
   had.
 * As I write in forums, after update you should remove all files from `wp-content/
   plugins/sexy-contact-form/includes/fileupload/files/` directory, because updater
   script can not delete files.
 * Or you can just uninstall plugin, then install it again.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Strange behaviour’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/sexy-contact-form_959595.svg)
 * [Creative Contact Form](https://wordpress.org/plugins/sexy-contact-form/)
 * [Support Threads](https://wordpress.org/support/plugin/sexy-contact-form/)
 * [Active Topics](https://wordpress.org/support/plugin/sexy-contact-form/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/sexy-contact-form/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/sexy-contact-form/reviews/)

 * 3 replies
 * 3 participants
 * Last reply from: [Creative-Solutions](https://wordpress.org/support/users/creative-solutions-1/)
 * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/strange-behaviour-8/#post-5535774)
 * Status: resolved